On Thu, Jun 9, 2022 at 10:18 PM Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
On Thu, Jun 09, 2022 at 10:16:26PM +0000, Bill Wendling wrote:
From: Bill Wendling isanbard@gmail.com
Why isn't that matching your From: line in the email?
There must be something wrong with my .gitconfig file. I"ll check into it.
When compiling with -Wformat, clang emits the following warnings:
Is that ever a default build option for the kernel?
We want to enable -Wformat for clang. I believe that these specific warnings have been disabled, but I'm confused as to why, because they're valid warnings. When I compiled with the warning enabled, there were only a few (12) places that needed changes, so thought that patches would be a nice cleanup, even though the warning itself is disabled.
drivers/char/mem.c:775:16: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security] NULL, devlist[minor].name); ^~~~~~~~~~~~~~~~~~~
Use a string literal for the format string.
Link: https://github.com/ClangBuiltLinux/linux/issues/378 Signed-off-by: Bill Wendling isanbard@gmail.com
drivers/char/mem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/char/mem.c b/drivers/char/mem.c index 84ca98ed1dad..32d821ba9e4d 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -772,7 +772,7 @@ static int __init chr_dev_init(void) continue;
device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor),
NULL, devlist[minor].name);
NULL, "%s", devlist[minor].name);Please explain how this static string can ever be user controlled.
All someone would need to do is accidentally insert an errant '%' in one of the strings for this function call to perform unexpected actions---at the very least reading memory that's not allocated and may contain garbage, thereby decreasing performance and possibly overrunning some buffer. Perhaps in this specific scenario it's unlikely, but "device_create()" is used in a lot more places than here. This patch is a general code cleanup.
-bw