Re: [RFC PATCH 1/1] vsprintf: Warn on integer scanning overflows

From: Andy Shevchenko
Date: Thu Jun 08 2023 - 10:34:28 EST


On Thu, Jun 08, 2023 at 12:37:55AM +0200, Richard Weinberger wrote:
> The scanf function family has no way to indicate overflows
> while scanning. As a consequence, users of these functions have to make
> sure their input cannot cause an overflow.
> Since this is not always the case, add WARN_ON_ONCE() guards to
> trigger a warning upon an overflow.

...

> if (prefix_chars < max_chars) {
> rv = _parse_integer_limit(cp, base, &result, max_chars - prefix_chars);
> + WARN_ON_ONCE(rv & KSTRTOX_OVERFLOW);

This seems incorrect. simple_strto*() are okay to overflow. It's by design.

> /* FIXME */

...and that's why this one is here.

> cp += (rv & ~KSTRTOX_OVERFLOW);
> } else {
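
Review bot: The WARN_ON_ONCE() added after _parse_integer_limit() fires on a condition that depends only on the digits being parsed, so any caller that passes input it does not fully control can trigger it, while the very next context line, cp += (rv & ~KSTRTOX_OVERFLOW), deliberately masks the flag and carries on. The /* FIXME */ directly below the new line marks that tolerance as known. Consider reporting the overflow to the scanning caller that can reject the input instead of warning inside the shared helper, and state in the commit message which callers are expected never to overflow.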


--
With Best Regards,
Andy Shevchenko
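
Added example, not part of the thread and not kernel code: a userspace C model of the convention visible in the quoted hunk, where the parser's return value carries the consumed-character count plus an overflow flag. `MODEL_OVERFLOW`, `model_parse_limit`, `scan_tolerant` and `scan_strict` are hypothetical names; the tolerant caller masks the flag as the hunk's `cp +=` line does, the strict caller rejects the input.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Model only: flag bit carried in the return value (hypothetical name). */
#define MODEL_OVERFLOW (1U << 31)

/* Parse up to max_chars decimal digits of s into *res. Returns the number
 * of digits consumed, OR'ed with MODEL_OVERFLOW if the value wrapped. */
static unsigned int model_parse_limit(const char *s, unsigned long long *res,
                                      size_t max_chars)
{
    unsigned long long acc = 0;
    unsigned int n = 0, flag = 0;

    while (max_chars-- && *s >= '0' && *s <= '9') {
        unsigned int d = (unsigned int)(*s - '0');

        if (acc > (ULLONG_MAX - d) / 10)   /* acc * 10 + d would not fit */
            flag = MODEL_OVERFLOW;
        acc = acc * 10 + d;                /* unsigned wrap is well defined */
        s++;
        n++;
    }
    *res = acc;
    return n | flag;
}

/* Tolerant caller: masks the flag and keeps the wrapped value. */
static size_t scan_tolerant(const char *s, unsigned long long *out)
{
    return model_parse_limit(s, out, (size_t)-1) & ~MODEL_OVERFLOW;
}

/* Strict caller: 0 on success, -1 if there were no digits or the value wrapped. */
static int scan_strict(const char *s, unsigned long long *out)
{
    unsigned int rv = model_parse_limit(s, out, (size_t)-1);

    return ((rv & MODEL_OVERFLOW) || (rv & ~MODEL_OVERFLOW) == 0) ? -1 : 0;
}

int main(void)
{
    const char *in = "18446744073709551616";   /* constructed: ULLONG_MAX + 1 */
    unsigned long long v;
    size_t used = scan_tolerant(in, &v);

    printf("tolerant: used=%zu value=%llu\n", used, v);
    printf("strict:   rc=%d\n", scan_strict(in, &v));
    return 0;
}
```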