Message ID | 20230704131316.466246-1-wxjstz@126.com |
---|---|
State | Superseded |
Series | Improve sbi_console |
On Tue, Jul 4, 2023 at 6:43 PM Xiang W <wxjstz@126.com> wrote: > > Fix special case: sbi_snprintf(out, out_len, ...) when out_len equal > 1, The previous code will not fill the buffer with any char. I don't understand why this special case is needed. Regards, Anup > > Signed-off-by: Xiang W <wxjstz@126.com> > --- > lib/sbi/sbi_console.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/lib/sbi/sbi_console.c b/lib/sbi/sbi_console.c > index 50af405..4f7c4ca 100644 > --- a/lib/sbi/sbi_console.c > +++ b/lib/sbi/sbi_console.c > @@ -271,6 +271,10 @@ static int print(char **out, u32 *out_len, const char *format, va_list args) > out_len = &console_tbuf_len; > } > > + /* handle special case: *out_len == 1*/ > + if (out) > + **out = '\0'; > + > for (; *format != 0; ++format) { > width = flags = 0; > if (use_tbuf) > -- > 2.40.1 >
On Wed, 2023-07-05 at 11:14 +0530, Anup Patel wrote: > On Tue, Jul 4, 2023 at 6:43 PM Xiang W <wxjstz@126.com> wrote: > > > > Fix special case: sbi_snprintf(out, out_len, ...) when out_len equal > > 1, The previous code will not fill the buffer with any char. > > I don't understand why this special case is needed. The characters are eventually filled by printc, which requires a buffer greater than 1. For buffer lengths equal to 1, no characters will be filled. Accessing this buffer later may result in an overflow. This bug is hard to trigger, and the compiler's static detection checks for the minimum requirement of out_len. However, when the input parameters are variables, the static check will fail and the bug will be triggered. Regards, Xiang > > Regards, > Anup > > > > > Signed-off-by: Xiang W <wxjstz@126.com> > > --- > > lib/sbi/sbi_console.c | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/lib/sbi/sbi_console.c b/lib/sbi/sbi_console.c > > index 50af405..4f7c4ca 100644 > > --- a/lib/sbi/sbi_console.c > > +++ b/lib/sbi/sbi_console.c > > @@ -271,6 +271,10 @@ static int print(char **out, u32 *out_len, const char *format, va_list args) > > out_len = &console_tbuf_len; > > } > > > > + /* handle special case: *out_len == 1*/ > > + if (out) > > + **out = '\0'; > > + > > for (; *format != 0; ++format) { > > width = flags = 0; > > if (use_tbuf) > > -- > > 2.40.1 > >
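The failure mode described in the reply above, as an added example that is not part of the thread and not OpenSBI source. The `model_*` functions and `is_terminated` are hypothetical names, and `model_printc` is an assumed simplification of the behaviour the reply attributes to printc (a character is stored only while more than one byte of space remains).

```c
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption, not OpenSBI source) of the behaviour described
 * in the thread: a character and its terminator are stored only while more
 * than one byte of space remains. */
static void model_printc(char **out, unsigned int *out_len, char ch)
{
	if (*out_len > 1) {
		*(*out)++ = ch;
		**out = '\0';
		--(*out_len);
	}
}

/* No up-front terminator: with len == 1 the buffer is never written. */
static void model_print_unfixed(char *buf, unsigned int len, const char *s)
{
	char *p = buf;
	for (; *s; ++s)
		model_printc(&p, &len, *s);
}

/* Terminate first, but only when there is at least one byte to write to. */
static void model_print_fixed(char *buf, unsigned int len, const char *s)
{
	char *p = buf;
	if (p && len > 0)
		*p = '\0';
	for (; *s; ++s)
		model_printc(&p, &len, *s);
}

/* Returns 1 if a NUL terminator exists within the first len bytes. */
static int is_terminated(const char *buf, unsigned int len)
{
	return memchr(buf, '\0', len) != NULL;
}

int main(void)
{
	char a[4], b[4];
	memset(a, 'X', sizeof(a)); /* constructed stale contents */
	memset(b, 'X', sizeof(b));
	model_print_unfixed(a, 1, "abc");
	model_print_fixed(b, 1, "abc");
	printf("unfixed terminated=%d fixed terminated=%d\n",
	       is_terminated(a, 1), is_terminated(b, 1));
	return 0;
}
```

With a one-byte buffer the unfixed model leaves the stale byte in place, so a later string read runs past the declared length; the guarded terminator closes that case without touching a zero-length buffer.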
diff --git a/lib/sbi/sbi_console.c b/lib/sbi/sbi_console.c index 50af405..4f7c4ca 100644 --- a/lib/sbi/sbi_console.c +++ b/lib/sbi/sbi_console.c @@ -271,6 +271,10 @@ static int print(char **out, u32 *out_len, const char *format, va_list args) out_len = &console_tbuf_len; } + /* handle special case: *out_len == 1*/ + if (out) + **out = '\0'; + for (; *format != 0; ++format) { width = flags = 0; if (use_tbuf)
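Review bot: the added write `**out = '\0';` is guarded only by `if (out)`, so it also runs when `*out_len` is 0 (one byte stored into a buffer the caller declared empty) and when `*out` is NULL. The comment names the `*out_len == 1` case, but nothing in the hunk tests the length. Consider `if (out && *out && *out_len > 0)`. The context line above shows `out_len = &console_tbuf_len;` in the preceding branch, so please also confirm whether `out` is redirected there, in which case the terminator would be written into the console's temporary buffer on every call. Style: add a space before the closing `*/` of the comment.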
Fix special case: sbi_snprintf(out, out_len, ...) when out_len equals 1, the previous code will not fill the buffer with any char.

Signed-off-by: Xiang W <wxjstz@126.com>
---
lib/sbi/sbi_console.c | 4 ++++
1 file changed, 4 insertions(+)