Re: [PATCH] fs/orangefs: use snprintf() instead of sprintf()
From: Amir Mohammad Jahangirzad
Date: Sun Jun 22 2025 - 14:40:25 EST
On Sun, Jun 8, 2025 at 8:06 PM Amir Mohammad Jahangirzad
<a.jahangirzad@xxxxxxxxx> wrote:
>
> sprintf() is discouraged for use with bounded destination buffers
> as it does not prevent buffer overflows when the formatted output
> exceeds the destination buffer size. snprintf() is a safer
> alternative as it limits the number of bytes written and ensures
> NUL-termination.
>
> Replace sprintf() with snprintf() for copying the debug string
> into a temporary buffer, using ORANGEFS_MAX_DEBUG_STRING_LEN as
> the maximum size to ensure safe formatting and prevent memory
> corruption in edge cases.
>
>
> Signed-off-by: Amir Mohammad Jahangirzad <a.jahangirzad@xxxxxxxxx>
> ---
> fs/orangefs/orangefs-debugfs.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/orangefs/orangefs-debugfs.c b/fs/orangefs/orangefs-debugfs.c
> index f7095c91660c..e1613e0847e8 100644
> --- a/fs/orangefs/orangefs-debugfs.c
> +++ b/fs/orangefs/orangefs-debugfs.c
> @@ -396,7 +396,7 @@ static ssize_t orangefs_debug_read(struct file *file,
> goto out;
>
> mutex_lock(&orangefs_debug_lock);
> - sprintf_ret = sprintf(buf, "%s", (char *)file->private_data);
> + sprintf_ret = snprintf(buf, ORANGEFS_MAX_DEBUG_STRING_LEN, "%s", (char *)file->private_data);
> mutex_unlock(&orangefs_debug_lock);
>
> read_ret = simple_read_from_buffer(ubuf, count, ppos, buf, sprintf_ret);
> --
> 2.43.0
>
Hi there,
Just following up to see if there's anything you'd like me to change or
address in the patch before it can move forward.
Please let me know if any updates are needed.
Regards,
Amir Mohammad Jahangirzad