Received: by 2002:ab2:1689:0:b0:1f7:5705:b850 with SMTP id d9csp1768295lqa; Mon, 29 Apr 2024 20:35:38 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCU2qUPb2QPHu/4sv9If5GdCOO25D3YmmNSicOLiJJk942s2WNozLDYQKIzKgVlgQf0S2CoC7wnDZA8hjV0nW8aZFwc6tgC9D/+Xcm8q6g== X-Google-Smtp-Source: AGHT+IHSkLIRhTtyOPoRqKZpL3ofUnl6Gv3UwA1NmqsYfxxgRS4z7Foy5/KJZw0Mm+QuMbcoZUtY X-Received: by 2002:a17:90b:38d2:b0:2b0:8e9e:7d07 with SMTP id nn18-20020a17090b38d200b002b08e9e7d07mr9769838pjb.3.1714448138488; Mon, 29 Apr 2024 20:35:38 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1714448138; cv=pass; d=google.com; s=arc-20160816; b=bTfmUDQai5vII9MlYtBTrp22YC4+t7hlJaTHY0hvdwY4KMOxQ/h7ipxolW05Po5VWe D1ZrZt+hW9HXgFIknQg6jZx7UrikR29dbMxXN2kr/n+Ig64fuquAAT5KrcHsQxEXicrx eL70Y3e6hoQPE3R304ec8Wva/iJDs5RWgDCKSfT8S30XCH9lg/p+RXeURVHw0rHhCTQU GCBYfbOd2N1lzsCkh5YRRBTnFiFR17WVjMSm4j2K/cR/woA7+f/FUtxm/LSooNRfyKoR 0+o+zfQ8hQxHyb/jiG3LizBD8Rk2KgJkNRlATmRCT1Ja+EjpTwDp1GrqxDrBTgPR4sc1 hENg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:list-unsubscribe:list-subscribe:list-id:precedence :user-agent:content-transfer-encoding:references:in-reply-to:date:cc :to:from:subject:message-id; bh=07Ehq/l/aqO3wlNq5SMqj3K2AliVRcV/4DPLLqvm5+8=; fh=ZscgC+hOA1nme8FZ58xe3YGCT7fiNG8v+KSD9jwlcy0=; b=QI/tDX/QRnGsXV845HIMSFDgHt/ec+kA6nmSn6mOLXStDojDkGZEox0LqVSf84rzqD I7ckDpChkFQ+F5LTt/f8E5tVV1FDLKUa/7C6Am5qHuNJce9S+T23kmoTWlDm2lgX2XNl i+N9yCkMIv3UghOuvhH0ZaHfxal0ArcgjZFlUJJi55KAEsSGVDEdCP6Tw/16h4pXYqkk tbhTQQcXZoqs/C3JwXy+ekYPM8EWuI6I00TUPt/oiMskrfoJ7WctILWHY2u1SqGJgpdD nd+mbgEPhWFNi6RY3viNTImylLRBDcp4oqanHsITjm9LuVvl/4ggwDt+X6rzvjuFZ1J+ yrmA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=perches.com); spf=pass (google.com: domain of linux-kernel+bounces-163302-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-163302-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id a2-20020a630b42000000b005eb4d251435si20987524pgl.705.2024.04.29.20.35.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Apr 2024 20:35:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-163302-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=perches.com); spf=pass (google.com: domain of linux-kernel+bounces-163302-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-163302-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 0AF7F281591 for ; Tue, 30 Apr 2024 03:33:09 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id C685D1429A; Tue, 30 Apr 2024 03:32:07 +0000 (UTC) Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CC8A8101C4; Tue, 30 Apr 2024 03:32:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=216.40.44.11 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714447927; cv=none; b=TB4uosCfiTTUtBWucCLb4fQkXXRzvzExtNEpGaQBNo6zU0sdX6Gm9xQjiSiWygZqEAUYQcQSYmRrMEjMMKMgKcAsaX593TdpKE6vlGDd0vs3EWEDA0C8Tk+vNFXCNr36nDT+lEoI/V2Qn4rQCtcKXxf5KDmOOpz3gXhm6nZXVUA= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714447927; c=relaxed/simple; bh=yFxV8IAL/FhTPWHJslqDdQyTJdimCkoRX51HT2h/SaE=; h=Message-ID:Subject:From:To:Cc:Date:In-Reply-To:References: Content-Type:MIME-Version; b=FjLZMFAEvHr23gv8ArdghudiyPczvonUx4J5W9WaV98LH8f/8jUtQldBOLBJD7hoJH8IINOdgxJnJ9PPLiTX7zROBd1RstWVBNIw4+uHvKMsz8AQ/gF3OQcZxLi1Rza1KwsiqioofXKr9OhofQ8LglKRPlold90VELNpfIxota8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=perches.com; spf=pass smtp.mailfrom=perches.com; arc=none smtp.client-ip=216.40.44.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=perches.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=perches.com Received: from omf08.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id A572B160447; Tue, 30 Apr 2024 03:21:53 +0000 (UTC) Received: from [HIDDEN] (Authenticated sender: joe@perches.com) by omf08.hostedemail.com (Postfix) with ESMTPA id 0D09320025; Tue, 30 Apr 2024 03:21:50 +0000 (UTC) Message-ID: Subject: Re: [PATCH v6] checkpatch: add check for snprintf to scnprintf From: Joe Perches To: Kees Cook , Justin Stitt Cc: Andy Whitcroft , Dwaipayan Ray , Lukas Bulwahn , linux-kernel@vger.kernel.org, Lee Jones , linux-hardening@vger.kernel.org, Finn Thain Date: Mon, 29 Apr 2024 20:21:49 -0700 In-Reply-To: <202404291249.078D924@keescook> References: <20240429-snprintf-checkpatch-v6-1-354c62c88290@google.com> <202404291249.078D924@keescook> Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.48.4 (3.48.4-1.fc38) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Rspamd-Queue-Id: 0D09320025 X-Rspamd-Server: rspamout08 X-Stat-Signature: g4rtr57ict5i64t7bifcqsccwbpei8by X-Session-Marker: 6A6F6540706572636865732E636F6D X-Session-ID: U2FsdGVkX1/11DngRJQirq2hq9jlQZ0nlQjZJQ0C1o8= X-HE-Tag: 1714447310-562688 X-HE-Meta: U2FsdGVkX19VkOaOkTZywdAdJmmPdqSae8cbGjpk4uNn3d20yEfKvhS5J1o91bK7gYO6EY6HnhIqW/ZDtisg4IhGhOfiaJFkywBivrkbrygz5gwAPqx7ksErpiIAAYxbLebjzAaCphQdnYaCjpyr3xYHXqEh5avOrlLccsYN7KP/+2wT+xFatkYcUpPhZFYTHk2dCBgCJHtvs5sI4FKqVKup/zj3mJnaamWCvBWCdOWPZo8OAVLKLDPFf8UUdiHp4eCaQiSWBJc/6rzVGX7yT+SoNd2fSVaDFxrE3qJ1CUKHPYZpmJEfkGLHFund3fVXNFUOgWCYYE1FFXQd31aLWloy9x4ENKmY4btEORRz1X40ojL7CNSR6QpOdzQMl5BovDitnRcXbhKWuXu7ILjyonK86NFh30LzvYp8TOPpVlWtXynTGdNXiXj6F+D+bBi/iljj2FqQAEi/C/ZdY52W9g== On Mon, 2024-04-29 at 12:49 -0700, Kees Cook wrote: > On Mon, Apr 29, 2024 at 06:39:28PM +0000, Justin Stitt wrote: > > I am going to quote Lee Jones who has been doing some snprintf -> > > scnprintf refactorings: > >=20 > > "There is a general misunderstanding amongst engineers that > > {v}snprintf() returns the length of the data *actually* encoded into th= e > > destination array. However, as per the C99 standard {v}snprintf() > > really returns the length of the data that *would have been* written if > > there were enough space for it. This misunderstanding has led to > > buffer-overruns in the past. It's generally considered safer to use th= e > > {v}scnprintf() variants in their place (or even sprintf() in simple > > cases). So let's do that." > >=20 > > To help prevent new instances of snprintf() from popping up, let's add = a > > check to checkpatch.pl. > >=20 > > Suggested-by: Finn Thain > > Signed-off-by: Justin Stitt >=20 > Thanks! >=20 > Reviewed-by: Kees Cook >=20 $ git grep -P '\b((v|)snprintf)\s*\(' | wc -l 7745 $ git grep -P '(?:return\s+|=3D\s*)\b((v|)snprintf)\s*\(' | wc -l 1626 Given there are ~5000 uses of these that don't care whether or not it's snprintf or scnprintf, I think this is not great. I'd much rather make sure the return value of the call is used before suggesting an alternative. $ git grep -P '\b((v|)snprintf)\s*\(.*PAGE_SIZE' | wc -l 515 And about 1/3 of these snprintf calls are for sysfs style output that ideally would be converted to sysfs_emit or sysfs_emit_at instead.