On 7/22/2025 1:17 PM, Tony Nguyen wrote: > > > On 7/22/2025 4:50 AM, Amir Mohammad Jahangirzad wrote: >> In i40e_dbg_command_read(), a 256-byte buffer is allocated and filled >> using snprintf(), then copied to userspace via copy_to_user(). >> >> The issue is that snprintf() returns the number of characters that >> *Would* have been written, not the number that actually fit in the buffer. >> If the combined length of the netdev name and i40e_dbg_command_buf is >> long (e.g. 288 + 3 bytes), snprintf() still returns 291 - even though only >> 256 bytes were written. > > Hi Amir, > > Thank you for the patch. In practice, this won't overflow [1]. However, > this code can be improved. If you follow the thread, there's > conversation of the changes that will be made. > > Thanks, > Tony > > [1] https://lore.kernel.org/netdev/[email protected]/ >
Yep. I have patches to just remove this read interface entirely. I hope to post them later today.
OpenPGP_signature.asc
Description: OpenPGP digital signature
