Re: [PATCH v2] lib/bootconfig: guard xbc_node_compose_key_after() buffer size

Tue, 17 Mar 2026 11:28:36 -0700 

On Tue, 17 Mar 2026 18:06:05 +0000
Josh Law <[email protected]> wrote:

> xbc_node_compose_key_after() passes a size_t buffer length to
> snprintf(), but snprintf() returns int. Guard against size values above
> INT_MAX before the loop so the existing truncation check can continue to
> compare ret against (int)size safely.
> 
> Add a small WARN_ON_ONCE shim for the tools/bootconfig userspace build
> so the same source continues to build there.
> 
> Signed-off-by: Josh Law <[email protected]>
> ---

BTW, you can add here:

Changes since v1: 
https://lore.kernel.org/all/[email protected]/

- Removed typecasting ret to size_t, as it is not needed (Steven Rostedt)

>  lib/bootconfig.c                            | 3 +++
>  tools/bootconfig/include/linux/bootconfig.h | 5 +++++
>  2 files changed, 8 insertions(+)
> 
> diff --git a/lib/bootconfig.c b/lib/bootconfig.c
> index 96cbe6738ffe..730209c83e62 100644
> --- a/lib/bootconfig.c
> +++ b/lib/bootconfig.c
> @@ -313,6 +313,9 @@ int __init xbc_node_compose_key_after(struct xbc_node 
> *root,
>       if (!node && root)
>               return -EINVAL;
>  

I wonder if this should have a comment here:

        /*
         * Greater than 2G isn't needed for the bootconfig. Warn if it is
         * bigger as to not need to worry about overruns of snprintf()
         * return value.
         */

> +     if (WARN_ON_ONCE(size > INT_MAX))
> +             return -EINVAL;
> +

-- Steve

>       while (--depth >= 0) {
>               node = xbc_nodes + keys[depth];
>               ret = snprintf(buf, size, "%s%s", xbc_node_get_data(node),
> diff --git a/tools/bootconfig/include/linux/bootconfig.h 
> b/tools/bootconfig/include/linux/bootconfig.h
> index 6784296a0692..48383c10e036 100644
> --- a/tools/bootconfig/include/linux/bootconfig.h
> +++ b/tools/bootconfig/include/linux/bootconfig.h
> @@ -8,6 +8,7 @@
>  #include <stdbool.h>
>  #include <ctype.h>
>  #include <errno.h>
> +#include <limits.h>
>  #include <string.h>
>  
>  
> @@ -19,6 +20,10 @@
>       ((cond) ? printf("Internal warning(%s:%d, %s): %s\n",   \
>                       __FILE__, __LINE__, __func__, #cond) : 0)
>  
> +#ifndef WARN_ON_ONCE
> +#define WARN_ON_ONCE(cond)   WARN_ON(cond)
> +#endif
> +
>  #define unlikely(cond)       (cond)
>  
>  /* Copied from lib/string.c */

Reply via email to