[alsa-devel] [patch] ASoC: soc: snprintf() doesn't return negative

Dan Carpenter error27 at gmail.com
Mon Oct 11 21:45:02 CEST 2010

On Mon, Oct 11, 2010 at 07:51:48PM +0100, Mark Brown wrote:
> In actual fact quite a few devices have enough registers to be
> truncated, meaning that it's not only possible but likely we'll exercise
> the cases that deal with the end of buffer.  If snprintf() is returning
> values larger than buffer size it was given we're likely to have an
> issue but it seems that there's something missing in your analysis since
> we're never seeing WARN_ON()s and are instead seeing the behaviour the
> code is intended to give, which is to truncate the output when we run
> out of space.
> Could you re-check your analysis, please?

That's odd.  I'm sorry, I can't explain why you wouldn't see a stack
trace...  The code is straight forward:

        /* Reject out-of-range values early.  Large positive sizes are
           used for unknown buffer sizes. */
        if (WARN_ON_ONCE((int) size < 0))
                return 0;

It would still give you truncated output but after the NULL terminator
there would be information leaked from the kernel.  If the reader
program had allocated a large enough buffer to handle the extra
information it wouldn't cause a problem.

dan carpenter

More information about the Alsa-devel mailing list