Skip to content

Commit 900fdc4

Browse files
rfvirgilpmladek
rfvirgil
authored and
pmladek
committed
lib: vsprintf: Fix handling of number field widths in vsscanf
The existing code attempted to handle numbers by doing a strto[u]l(), ignoring the field width, and then repeatedly dividing to extract the field out of the full converted value. If the string contains a run of valid digits longer than will fit in a long or long long, this would overflow and no amount of dividing can recover the correct value. This patch fixes vsscanf() to obey number field widths when parsing the number. A new _parse_integer_limit() is added that takes a limit for the number of characters to parse. The number field conversion in vsscanf is changed to use this new function. If a number starts with a radix prefix, the field width must be long enough for at last one digit after the prefix. If not, it will be handled like this: sscanf("0x4", "%1i", &i): i=0, scanning continues with the 'x' sscanf("0x4", "%2i", &i): i=0, scanning continues with the '4' This is consistent with the observed behaviour of userland sscanf. Note that this patch does NOT fix the problem of a single field value overflowing the target type. So for example: sscanf("123456789abcdef", "%x", &i); Will not produce the correct result because the value obviously overflows INT_MAX. But sscanf will report a successful conversion. Note that where a very large number is used to mean "unlimited", the value INT_MAX is used for consistency with the behaviour of vsnprintf(). Signed-off-by: Richard Fitzgerald <[email protected]> Reviewed-by: Petr Mladek <[email protected]> Signed-off-by: Petr Mladek <[email protected]> Link: https://lore.kernel.org/r/[email protected]
1 parent 11b3dda commit 900fdc4

File tree

3 files changed

+60
-37
lines changed

3 files changed

+60
-37
lines changed

lib/kstrtox.c

Lines changed: 10 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -39,20 +39,22 @@ const char *_parse_integer_fixup_radix(const char *s, unsigned int *base)
3939

4040
/*
4141
* Convert non-negative integer string representation in explicitly given radix
42-
* to an integer.
42+
* to an integer. A maximum of max_chars characters will be converted.
43+
*
4344
* Return number of characters consumed maybe or-ed with overflow bit.
4445
* If overflow occurs, result integer (incorrect) is still returned.
4546
*
4647
* Don't you dare use this function.
4748
*/
48-
unsigned int _parse_integer(const char *s, unsigned int base, unsigned long long *p)
49+
unsigned int _parse_integer_limit(const char *s, unsigned int base, unsigned long long *p,
50+
size_t max_chars)
4951
{
5052
unsigned long long res;
5153
unsigned int rv;
5254

5355
res = 0;
5456
rv = 0;
55-
while (1) {
57+
while (max_chars--) {
5658
unsigned int c = *s;
5759
unsigned int lc = c | 0x20; /* don't tolower() this line */
5860
unsigned int val;
@@ -82,6 +84,11 @@ unsigned int _parse_integer(const char *s, unsigned int base, unsigned long long
8284
return rv;
8385
}
8486

87+
unsigned int _parse_integer(const char *s, unsigned int base, unsigned long long *p)
88+
{
89+
return _parse_integer_limit(s, base, p, INT_MAX);
90+
}
91+
8592
static int _kstrtoull(const char *s, unsigned int base, unsigned long long *res)
8693
{
8794
unsigned long long _res;

lib/kstrtox.h

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,8 @@
44

55
#define KSTRTOX_OVERFLOW (1U << 31)
66
const char *_parse_integer_fixup_radix(const char *s, unsigned int *base);
7+
unsigned int _parse_integer_limit(const char *s, unsigned int base, unsigned long long *res,
8+
size_t max_chars);
79
unsigned int _parse_integer(const char *s, unsigned int base, unsigned long long *res);
810

911
#endif

lib/vsprintf.c

Lines changed: 48 additions & 34 deletions
Original file line numberDiff line numberDiff line change
@@ -53,6 +53,31 @@
5353
#include <linux/string_helpers.h>
5454
#include "kstrtox.h"
5555

56+
static unsigned long long simple_strntoull(const char *startp, size_t max_chars,
57+
char **endp, unsigned int base)
58+
{
59+
const char *cp;
60+
unsigned long long result = 0ULL;
61+
size_t prefix_chars;
62+
unsigned int rv;
63+
64+
cp = _parse_integer_fixup_radix(startp, &base);
65+
prefix_chars = cp - startp;
66+
if (prefix_chars < max_chars) {
67+
rv = _parse_integer_limit(cp, base, &result, max_chars - prefix_chars);
68+
/* FIXME */
69+
cp += (rv & ~KSTRTOX_OVERFLOW);
70+
} else {
71+
/* Field too short for prefix + digit, skip over without converting */
72+
cp = startp + max_chars;
73+
}
74+
75+
if (endp)
76+
*endp = (char *)cp;
77+
78+
return result;
79+
}
80+
5681
/**
5782
* simple_strtoull - convert a string to an unsigned long long
5883
* @cp: The start of the string
@@ -63,18 +88,7 @@
6388
*/
6489
unsigned long long simple_strtoull(const char *cp, char **endp, unsigned int base)
6590
{
66-
unsigned long long result;
67-
unsigned int rv;
68-
69-
cp = _parse_integer_fixup_radix(cp, &base);
70-
rv = _parse_integer(cp, base, &result);
71-
/* FIXME */
72-
cp += (rv & ~KSTRTOX_OVERFLOW);
73-
74-
if (endp)
75-
*endp = (char *)cp;
76-
77-
return result;
91+
return simple_strntoull(cp, INT_MAX, endp, base);
7892
}
7993
EXPORT_SYMBOL(simple_strtoull);
8094

@@ -109,6 +123,21 @@ long simple_strtol(const char *cp, char **endp, unsigned int base)
109123
}
110124
EXPORT_SYMBOL(simple_strtol);
111125

126+
static long long simple_strntoll(const char *cp, size_t max_chars, char **endp,
127+
unsigned int base)
128+
{
129+
/*
130+
* simple_strntoull() safely handles receiving max_chars==0 in the
131+
* case cp[0] == '-' && max_chars == 1.
132+
* If max_chars == 0 we can drop through and pass it to simple_strntoull()
133+
* and the content of *cp is irrelevant.
134+
*/
135+
if (*cp == '-' && max_chars > 0)
136+
return -simple_strntoull(cp + 1, max_chars - 1, endp, base);
137+
138+
return simple_strntoull(cp, max_chars, endp, base);
139+
}
140+
112141
/**
113142
* simple_strtoll - convert a string to a signed long long
114143
* @cp: The start of the string
@@ -119,10 +148,7 @@ EXPORT_SYMBOL(simple_strtol);
119148
*/
120149
long long simple_strtoll(const char *cp, char **endp, unsigned int base)
121150
{
122-
if (*cp == '-')
123-
return -simple_strtoull(cp + 1, endp, base);
124-
125-
return simple_strtoull(cp, endp, base);
151+
return simple_strntoll(cp, INT_MAX, endp, base);
126152
}
127153
EXPORT_SYMBOL(simple_strtoll);
128154

@@ -3541,25 +3567,13 @@ int vsscanf(const char *buf, const char *fmt, va_list args)
35413567
break;
35423568

35433569
if (is_sign)
3544-
val.s = qualifier != 'L' ?
3545-
simple_strtol(str, &next, base) :
3546-
simple_strtoll(str, &next, base);
3570+
val.s = simple_strntoll(str,
3571+
field_width >= 0 ? field_width : INT_MAX,
3572+
&next, base);
35473573
else
3548-
val.u = qualifier != 'L' ?
3549-
simple_strtoul(str, &next, base) :
3550-
simple_strtoull(str, &next, base);
3551-
3552-
if (field_width > 0 && next - str > field_width) {
3553-
if (base == 0)
3554-
_parse_integer_fixup_radix(str, &base);
3555-
while (next - str > field_width) {
3556-
if (is_sign)
3557-
val.s = div_s64(val.s, base);
3558-
else
3559-
val.u = div_u64(val.u, base);
3560-
--next;
3561-
}
3562-
}
3574+
val.u = simple_strntoull(str,
3575+
field_width >= 0 ? field_width : INT_MAX,
3576+
&next, base);
35633577

35643578
switch (qualifier) {
35653579
case 'H': /* that's 'hh' in format */

0 commit comments

Comments
 (0)