Re: printf(3): extra parameters, %b token, and cpp antics
On Sun, Apr 23, 2017 at 06:01:18PM +1000, Damian McGuckin wrote: > On Sun, 23 Apr 2017, Jonathan Gray wrote: > > > http://man.openbsd.org/printf.9 > > Is the use of '%b' an addressing-out-of-bounds bug waiting to happen or is > there some sort of inbuilt protection that I cannot see? > > Regards - Damian Well, you can look at the implementation and decide that for yourself, If you spot a bug we would like ot know ;-) -Otto
Re: printf(3): extra parameters, %b token, and cpp antics
On Sun, 23 Apr 2017, Jonathan Gray wrote: http://man.openbsd.org/printf.9 Is the use of '%b' an addressing-out-of-bounds bug waiting to happen or is there some sort of inbuilt protection that I cannot see? Regards - Damian Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW 2037 Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted here Views & opinions here are mine and not those of any past or present employer
Re: printf(3): extra parameters, %b token, and cpp antics
On Sun, Apr 23, 2017 at 03:39:22AM -0400, Ian Sutton wrote: > I noticed some strange code in src/sys/arch/armv7/omap/ommmc.c > > This preprocessor define seems to map intr. state bit positions with > strings describing them: > > 149 #define MMCHS_STAT_FMT "\20" \ > 150 "\x09d_BADA" \ > 151 "\x09c_CERR" \ > 152 "\x098_ACE" \ > 153 "\x096_DEB" \ > 154 "\x095_DCRC" \ > 155 "\x094_DTO" \ > 156 "\x093_CIE" \ > 157 "\x092_CEB" \ > 158 "\x091_CCRC" \ > 159 "\x090_CTO" \ > 160 "\x08f_ERRI" \ > 161 "\x089_OBI" \ > 162 "\x088_CIRQ" \ > 163 "\x085_BRR" \ > 164 "\x084_BWR" \ > 165 "\x082_BGE" \ > 166 "\x081_TC" \ > 167 "\x080_CC" > > It's used later as an extra printf() argument (edited for clarity): > > 1174 printf("%s: interrupt status=%b\n", DEVNAME(sc), status, MMCHS_STAT_FMT); > > Whenever the above is called, the string counterpart to each interupt > bit set in 'status' is printed, for example: > > mmmc0: interrupt status=20008000<_BADA,_ERRI> > > Where BADA and ERRI are intr. status bits at positions 29 and 15 > respectively. > > So through some combination of: > * CPP multi-string define with unclear hex escapes prepended > * printf() call with one too many parameters > * undocumented %b printf() token http://man.openbsd.org/printf.9
Re: printf(3): extra parameters, %b token, and cpp antics
On Sun, Apr 23, 2017 at 03:39:22AM -0400, Ian Sutton wrote: > > So through some combination of: > * CPP multi-string define with unclear hex escapes prepended > * printf() call with one too many parameters > * undocumented %b printf() token you didn't look at the right printf man page. This is kernel code, so you should look at printf(9) and not at printf(3). $ man 9 printf ... The kernel functions support some additional formatting specifiers: %b Bit field expansion. This format specifier is useful for decoding bit fields in device registers. It displays an integer using a specified radix (base) and an interpretation of the bits within that integer as though they were flags. It requires two arguments from the argument vector, the first argument being the bit field to be decoded (of type int, unless a width modifier has been specified) and the second being a decoding directive string. ... Thanks. -- Sebastien Marie