On Tue, 17 Mar 2026 19:16:26 -0400 Steven Rostedt <[email protected]> wrote:
> On Wed, 18 Mar 2026 08:03:51 +0900 > Masami Hiramatsu (Google) <[email protected]> wrote: > > > On Tue, 17 Mar 2026 20:44:03 +0000 > > Josh Law <[email protected]> wrote: > > > > > xbc_node_compose_key_after() passes a size_t buffer length to > > > snprintf(), but snprintf() returns int. Guard against size values above > > > INT_MAX before the loop so the existing truncation check can continue to > > > compare ret against (int)size safely. > > > > > > Add a small WARN_ON_ONCE shim for the tools/bootconfig userspace build > > > so the same source continues to build there. > > > > NACK. > > > > Don't do such over engineering effort. > > Hi Masami, > > This was somewhat my idea. Why do you think it's over engineering? > > This is your code, so you have final say. I'm not going to push it. I'm > just curious to your thoughts. I sent a mail why I thought this is over engineering. I think this comes from vsnprintf() interface design. If all user of that needs to do this, that is not fair. It should be checked in vsnprintf() and caller should just check the returned error. > > It is interesting that snprintf() takes a size_t size, and the iterator > inside is also size_t, but then it returns the value as an int. Yes, that is checked in vsnprintf(), not its caller. I think linux kernel should ensure the the return value is smaller than INT_MAX, and return -EOVERFLOW if not. Thank you, > > That itself just looks wrong (and has nothing to do with your code). > > -- Steve -- Masami Hiramatsu (Google) <[email protected]>
