From patchwork Fri Jun 9 03:36:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiang W X-Patchwork-Id: 1792763 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=opensbi-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=VwW5Z9ek; dkim=fail reason="signature verification failed" (2048-bit key; secure) header.d=infradead.org header.i=@infradead.org header.a=rsa-sha256 header.s=casper.20170209 header.b=UY0cEmZE; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=126.com header.i=@126.com header.a=rsa-sha256 header.s=s110527 header.b=garE/goC; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4QcmyG50xXz20WP for ; Fri, 9 Jun 2023 13:38:30 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=6+hvQOaEC97hXO6AoPKLISfc/s6wspbdvvQ/CjRLtSA=; b=VwW5Z9ekkOSudK usM7vcpAG9YQJKpVPnW1rfJCYYhx3w9uDv1//iJETYYBVpvIAnuFeq0Anfo0DMs5a46+MsZH7KGa4 BKBOTG3D1m+ysilrt6qVABwL0n57qBsvDdmpXxcfEp2u27TW7Nrrpx9kahWOcq0QGA5f8L7bzpGc6 cv64UeOckUnMB2PHCNg4rtvhgregp+497pCM2UOkGr1/nvL4TmzBaXY4H+RToWob5W2qbPowUh8a3 BxJqjQW33zPWy6YrRAwvB7FQzeQJxyNJvXQWQ3AZLHUY2ahR/wLLDyc4MfcXjSUYx7m0afcPk4LJN F1bn6HzCIO16qcr3gV0A==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1q7Sx8-00BUDS-2C; Fri, 09 Jun 2023 03:38:18 +0000 Received: from casper.infradead.org ([2001:8b0:10b:1236::1]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1q7Sx7-00BUDC-1r for opensbi@bombadil.infradead.org; Fri, 09 Jun 2023 03:38:17 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=F5G9oVP8SJNYttUZrMhqezksabE3erkA5tKA+0zY2mA=; b=UY0cEmZE/JSNqs0Si+elk3Omcl YyuSkyopr/7ITCebo2a9kaq3X+7WXtxAMIv0wti3mEXpbrH6mmeSAFzEpcwftdmwVB29VH34Y9zWg 208NngWNzUaVSFIm2Vc1h3NdHS3aMo0RZENeYh2uwRntFtXG1zuhdk3R1ay/PNBcVmDvdSUYF04mV 6ro30ddf45hgXgRMk3BSkzZi+uaamuIsiqQYJgpDmsEnTXG/o63KOccLBbMWz2UDUnjDY0TS3DcGQ 1pNZt2EBbh0WPVZRsotfuos16Z4IbF84pVqFxhPWHPurxmCpdqpB9fVU46WH7XTSGlcjapV/2HBZi JoK06Fzw==; Received: from m126.mail.126.com ([220.181.12.29]) by casper.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1q7Sx3-00G8XR-PX for opensbi@lists.infradead.org; Fri, 09 Jun 2023 03:38:16 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=126.com; s=s110527; h=From:Subject:Date:Message-Id:MIME-Version; bh=F5G9o VP8SJNYttUZrMhqezksabE3erkA5tKA+0zY2mA=; b=garE/goC07GcS69ZFh267 JDbqcaBWp66NWHUK0xxon/Zfj2sGrhU7id1rbBX2D1Llq8mARIJ4VIw45G3QnfeK xmu71GTZ3dKx6JfFWSjsZvPgyQ9w8EhGRl+24cq54KNPSQzEtQDV0eJRXC8OdIXW H7zacWg7px6nwQU6ZgCGaM= Received: from x390.lan (unknown [58.247.180.222]) by zwqz-smtp-mta-g5-1 (Coremail) with SMTP id _____wBHQb0pnoJkoNgMAA--.5905S2; Fri, 09 Jun 2023 11:36:09 +0800 (CST) From: Xiang W To: opensbi@lists.infradead.org Cc: Xiang W , anup@brainfault.org, jrtc27@jrtc27.com Subject: [PATCH v5 12/14] lib: sbi: Fix timing of clearing tbuf Date: Fri, 9 Jun 2023 11:36:06 +0800 Message-Id: <20230609033606.84769-1-wxjstz@126.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230609033430.84471-1-wxjstz@126.com> References: <20230609033430.84471-1-wxjstz@126.com> MIME-Version: 1.0 X-CM-TRANSID: _____wBHQb0pnoJkoNgMAA--.5905S2 X-Coremail-Antispam: 1Uf129KBjvJXoW7ZF1UJF1kZFW8Jry7Zr47Arb_yoW8Wr1Upr 1akF98JF4rtF1fW3yvyF13CF4rA34kG3WayrZrJ34rXFn5J3s7WrWqgF9YvrsxXrZ3AF1Y kFn5JFyUZFyUWrJanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x0ziU3kNUUUUU= X-Originating-IP: [58.247.180.222] X-CM-SenderInfo: pz0m23b26rjloofrz/1tbiJhmJOlpD8z52ygABsl X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230609_043814_349903_52A62E7A X-CRM114-Status: UNSURE ( 9.26 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -2.1 (--) X-Spam-Report: SpamAssassin version 3.4.6 on casper.infradead.org summary: Content analysis details: (-2.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [wxjstz[at]126.com] -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.0 T_SCC_BODY_TEXT_LINE No description available. X-BeenThere: opensbi@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "opensbi" Errors-To: opensbi-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org A single scan of the format char may add multiple characters to the tbuf, causing a buffer overflow. You should check if tbuf is full in printc so that it does not cause a buffer overflow. Signed-off-by: Xiang W --- lib/sbi/sbi_console.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/lib/sbi/sbi_console.c b/lib/sbi/sbi_console.c index c227b0f..2eefee1 100644 --- a/lib/sbi/sbi_console.c +++ b/lib/sbi/sbi_console.c @@ -18,6 +18,8 @@ #define PAD_ZERO 2 #define PAD_ALTERNATE 4 #define PAD_SIGN 8 +#define USED_TBUF (1 << (8 * sizeof(int) - 1)) + #define PRINT_BUF_LEN 64 #define CONSOLE_TBUF_MAX 256 @@ -161,6 +163,11 @@ append: info->out[info->pos++] = ch; info->out[info->pos] = '\0'; info->pc++; + + if ((info->flags & USED_TBUF) && (info->len - info->pos <= 1)) { + nputs_all(info->out, info->pos); + info->pos = 0; + } } static void prints(struct print_info *info, const char *string) @@ -266,10 +273,9 @@ static void print(struct print_info *info, const char *format, va_list args) } for (; *format != 0; ++format) { - if (use_tbuf && (info->len - info->pos <= 1)) { - nputs_all(info->out, info->pos); - info->pos = 0; - } + info->flags = 0; + if (use_tbuf) + info->flags |= USED_TBUF; if (*format == '%') { ++format; if (*format == '\0') @@ -277,7 +283,6 @@ static void print(struct print_info *info, const char *format, va_list args) if (*format == '%') goto literal; /* Get flags */ - info->flags = 0; flags_done = false; while (!flags_done) { switch (*format) {