On Thu, 12 Mar 2026 19:11:43 +0000 Josh Law <[email protected]> wrote:
> From: Josh Law <[email protected]> > > snprintf() returns the number of characters that would have been > written excluding the NUL terminator. Output is truncated when the > return value is >= the buffer size, not just > the buffer size. > > When ret == size, the current code takes the non-truncated path, > advancing buf by ret and reducing size to 0. This is wrong because > the output was actually truncated (the last character was replaced by > NUL). Fix by using >= so the truncation path is taken correctly. > OK, but this one is a minor issue, because either way, remaining size becomes 0. ret = snprintf(buf, size, "%s%s", xbc_node_get_data(node), depth ? "." : ""); if (ret < 0) return ret; if (ret > size) { size = 0; } else { size -= ret; // if ret == size, the size becomes 0 buf += ret; } Anyway, to be clear the correct error case handling, this should be applied. Thank you! > Signed-off-by: Josh Law <[email protected]> > --- > lib/bootconfig.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/bootconfig.c b/lib/bootconfig.c > index 62b4ed7a0ba6..b0ef1e74e98a 100644 > --- a/lib/bootconfig.c > +++ b/lib/bootconfig.c > @@ -316,7 +316,7 @@ int __init xbc_node_compose_key_after(struct xbc_node > *root, > depth ? "." : ""); > if (ret < 0) > return ret; > - if (ret > size) { > + if (ret >= size) { > size = 0; > } else { > size -= ret; > -- > 2.34.1 > -- Masami Hiramatsu (Google) <[email protected]>
