[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PATCH v2 1/3] vsscanf(): Integer overflow is a conversion failure
On Sat, Jun 10, 2023 at 01:07:41PM -0400, Demi Marie Obenour wrote: > --- > .../hive_isp_css_include/platform_support.h | 1 - > include/linux/limits.h | 1 + > include/linux/mfd/wl1273-core.h | 3 - > include/vdso/limits.h | 3 + > lib/vsprintf.c | 82 ++++++++++++++----- > 5 files changed, 67 insertions(+), 23 deletions(-) > > diff --git > a/drivers/staging/media/atomisp/pci/hive_isp_css_include/platform_support.h > b/drivers/staging/media/atomisp/pci/hive_isp_css_include/platform_support.h > index > 0cdef4a5e8b1bed9884133f1a0b9d853d59d43a4..e29b96d8bebf14839f6dd48fdc6c0f8b029ef31d > 100644 > --- > a/drivers/staging/media/atomisp/pci/hive_isp_css_include/platform_support.h > +++ > b/drivers/staging/media/atomisp/pci/hive_isp_css_include/platform_support.h > @@ -27,7 +27,6 @@ > > #define UINT16_MAX USHRT_MAX > #define UINT32_MAX UINT_MAX > -#define UCHAR_MAX (255) > > #define CSS_ALIGN(d, a) d __attribute__((aligned(a))) > > diff --git a/include/linux/limits.h b/include/linux/limits.h > index > f6bcc936901071f496e3e85bb6e1d93905b12e32..8f7fd85b41fb46e6992d9e5912da00424119227a > 100644 > --- a/include/linux/limits.h > +++ b/include/linux/limits.h > @@ -8,6 +8,7 @@ > > #define SIZE_MAX (~(size_t)0) > #define SSIZE_MAX ((ssize_t)(SIZE_MAX >> 1)) > +#define SSIZE_MIN (-SSIZE_MAX - 1) > #define PHYS_ADDR_MAX (~(phys_addr_t)0) > > #define U8_MAX ((u8)~0U) > diff --git a/include/linux/mfd/wl1273-core.h b/include/linux/mfd/wl1273-core.h > index > c28cf76d5c31ee1c94a9319a2e2d318bf00283a6..b81a229135ed9f756c749122a8341816031c8311 > 100644 > --- a/include/linux/mfd/wl1273-core.h > +++ b/include/linux/mfd/wl1273-core.h > @@ -204,9 +204,6 @@ > WL1273_IS2_TRI_OPT | \ > WL1273_IS2_RATE_48K) > > -#define SCHAR_MIN (-128) > -#define SCHAR_MAX 127 > - > #define WL1273_FR_EVENT BIT(0) > #define WL1273_BL_EVENT BIT(1) > #define WL1273_RDS_EVENT BIT(2) > diff --git a/include/vdso/limits.h b/include/vdso/limits.h > index > 0197888ad0e00b2f853d3f25ffa764f61cca7385..0cad0a2490e5efc194d874025eb3e3b846a5c7b4 > 100644 > --- a/include/vdso/limits.h > +++ b/include/vdso/limits.h > @@ -2,6 +2,9 @@ > #ifndef __VDSO_LIMITS_H > #define __VDSO_LIMITS_H > > +#define UCHAR_MAX ((unsigned char)~0U) > +#define SCHAR_MAX ((signed char)(UCHAR_MAX >> 1)) > +#define SCHAR_MIN ((signed char)(-SCHAR_MAX - 1)) > #define USHRT_MAX ((unsigned short)~0U) > #define SHRT_MAX ((short)(USHRT_MAX >> 1)) > #define SHRT_MIN ((short)(-SHRT_MAX - 1)) It looks like you're going to have to redo these patches anyway for various reasons. Could you pull the U/SCHAR_MAX changes out into a separate patch? > diff --git a/lib/vsprintf.c b/lib/vsprintf.c > index > 40f560959b169b4c4ac6154d658cfe76cfd0c5a6..8caccdcda0a2b470cda70c9b3837de37207eb512 > 100644 > --- a/lib/vsprintf.c > +++ b/lib/vsprintf.c > @@ -59,7 +59,7 @@ > bool no_hash_pointers __ro_after_init; > EXPORT_SYMBOL_GPL(no_hash_pointers); > > -static noinline unsigned long long simple_strntoull(const char *startp, > size_t max_chars, char **endp, unsigned int base) > +static noinline unsigned long long simple_strntoull(const char *startp, > size_t max_chars, char **endp, unsigned int base, bool *overflow) > { > const char *cp; > unsigned long long result = 0ULL; > @@ -71,6 +71,8 @@ static noinline unsigned long long simple_strntoull(const > char *startp, size_t m > if (prefix_chars < max_chars) { > rv = _parse_integer_limit(cp, base, &result, max_chars - > prefix_chars); > /* FIXME */ It's not clear what this FIXME is for, but probably it should go next to the cp += (rv & ~KSTRTOX_OVERFLOW); line? Does anyone know what it means? Maybe just delete it. > + if (overflow) > + *overflow = !!(rv & KSTRTOX_OVERFLOW); > cp += (rv & ~KSTRTOX_OVERFLOW); > } else { *overflow isn't initialized on the else path. > /* Field too short for prefix + digit, skip over without > converting */ > @@ -94,7 +96,7 @@ static noinline unsigned long long simple_strntoull(const > char *startp, size_t m > noinline > unsigned long long simple_strtoull(const char *cp, char **endp, unsigned int > base) > { > - return simple_strntoull(cp, INT_MAX, endp, base); > + return simple_strntoull(cp, INT_MAX, endp, base, NULL); > } > EXPORT_SYMBOL(simple_strtoull); > > @@ -130,18 +132,22 @@ long simple_strtol(const char *cp, char **endp, > unsigned int base) > EXPORT_SYMBOL(simple_strtol); > > static long long simple_strntoll(const char *cp, size_t max_chars, char > **endp, > - unsigned int base) > + unsigned int base, bool *overflow) > { > + unsigned long long minand; > + bool negate; > + > /* > * simple_strntoull() safely handles receiving max_chars==0 in the > * case cp[0] == '-' && max_chars == 1. > * If max_chars == 0 we can drop through and pass it to > simple_strntoull() > * and the content of *cp is irrelevant. > */ > - if (*cp == '-' && max_chars > 0) > - return -simple_strntoull(cp + 1, max_chars - 1, endp, base); > - > - return simple_strntoull(cp, max_chars, endp, base); > + negate = *cp == '-' && max_chars > 0; > + minand = simple_strntoull(cp + negate, max_chars - negate, endp, base, > overflow); > + if (minand > (unsigned long long)LONG_MAX + negate) > + *overflow = true; > + return negate ? -minand : minand; > } > > /** > @@ -3441,7 +3447,7 @@ int vsscanf(const char *buf, const char *fmt, va_list > args) > unsigned long long u; > } val; > s16 field_width; > - bool is_sign; > + bool is_sign, overflow, allow_overflow; > > while (*fmt) { > /* skip any white space in format */ > @@ -3464,6 +3470,9 @@ int vsscanf(const char *buf, const char *fmt, va_list > args) > break; > ++fmt; > > + allow_overflow = *fmt == '!'; > + fmt += (int)allow_overflow; > + > /* skip this conversion. > * advance both strings to next white space > */ > @@ -3649,45 +3658,80 @@ int vsscanf(const char *buf, const char *fmt, va_list > args) > if (is_sign) > val.s = simple_strntoll(str, > field_width >= 0 ? field_width > : INT_MAX, > - &next, base); > + &next, base, &overflow); > else > val.u = simple_strntoull(str, > field_width >= 0 ? field_width > : INT_MAX, > - &next, base); > + &next, base, &overflow); > + if (unlikely(overflow && !allow_overflow)) So that means that *overflow can be uninitialized here. > + break; > > switch (qualifier) { regards, dan carpenter
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |