On 17 March 2026 16:15:07 GMT, Steven Rostedt <[email protected]> wrote:
>On Tue, 17 Mar 2026 16:55:49 +0900
>Masami Hiramatsu (Google) <[email protected]> wrote:
>
>> > --- a/lib/bootconfig.c
>> > +++ b/lib/bootconfig.c
>> > @@ -319,10 +319,10 @@ int __init xbc_node_compose_key_after(struct 
>> > xbc_node *root,
>> >                           depth ? "." : "");
>> >            if (ret < 0)
>> >                    return ret;
>> > -          if (ret >= size) {
>> > +          if (ret >= (int)size) {  
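Review bot: the `(int)size` cast on the `+` line truncates `size` (a size_t, as noted later in the thread) whenever it exceeds INT_MAX, so the "output did not fit" check can fire or stay silent on the wrong condition. The `if (ret < 0)` test two lines above already guarantees a non-negative ret, so `if ((size_t)ret >= size)` compares the two without loss; alternatively reject `size > INT_MAX` before the snprintf() call, since snprintf() cannot report a larger count through its int return.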
>> 
>> nit:
>> 
>>      if ((size_t)ret >= size) {
>> 
>> because sizeof(size_t) > sizeof(int).
>
>I don't think we need to worry about this. But this does bring up an issue.
>ret comes from:
>
>               ret = snprintf(buf, size, "%s%s", xbc_node_get_data(node),
>                              depth ? "." : "");
>
>Where size is of type size_t
>
>snprintf() takes size_t but returns int.
>
>snprintf() calls vsnprintf() which has:
>
>       size_t len, pos;
>
>Where pos is incremented based on fmt, and vsnprintf() returns:
>
>       return pos;
>
>Which can overflow.
>
>Now, honestly, we should never have a 2Gig string as that would likely
>cause other horrible things. Does size really need to be size_t?
>
>Perhaps we should have:
>
>       if (WARN_ON_ONCE(size > MAX_INT))
>               return -EINVAL;
>
>?
>
>-- Steve
I'm making a separate patch based on this.

V/R

Josh Law
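Added C example, not the kernel's code: it models the comparison in the hunk beside Masami's form and Steve's suggested up-front guard. The function names compose_component(), truncated_cast_to_int() and truncated_cast_to_size_t() are hypothetical, and the sample inputs are constructed.

```c
/* Why snprintf()'s int return must not be compared against a size_t
 * by casting the size down to int. */
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Mirrors the hunk's `ret >= (int)size`. Converting a size_t above
 * INT_MAX to int is implementation-defined (gcc/clang wrap modulo 2^N),
 * so a huge buffer can look tiny or negative. */
int truncated_cast_to_int(int ret, size_t size)
{
	return ret >= (int)size;
}

/* Masami's form: the caller has already handled ret < 0, so widening
 * the non-negative ret to size_t is exact. */
int truncated_cast_to_size_t(int ret, size_t size)
{
	return (size_t)ret >= size;
}

/* Simplified stand-in for composing one key component into buf, with
 * Steve's guard: snprintf() returns int, so refuse a size whose write
 * count it could not report. Returns bytes written or a negative errno. */
int compose_component(char *buf, size_t size, const char *data, int depth)
{
	int ret;

	if (size > INT_MAX)
		return -EINVAL;		/* WARN_ON_ONCE() in the kernel */
	ret = snprintf(buf, size, "%s%s", data, depth ? "." : "");
	if (ret < 0)
		return ret;
	if ((size_t)ret >= size)
		return -E2BIG;		/* output was truncated */
	return ret;
}
```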