diff options
| author | Alexandre Courbot <acourbot@nvidia.com> | 2026-05-27 20:52:17 +0900 |
|---|---|---|
| committer | Nathan Chancellor <nathan@kernel.org> | 2026-05-28 09:57:13 -0700 |
| commit | d7231d8cb262b1e350c00271bf53d54414b4f3b1 (patch) | |
| tree | d57fc42056ee6365862f0dcbcbbded1445da4c22 /scripts | |
| parent | 159921d63da16ff1d4764e73ddf9e1556b54dfc8 (diff) | |
scripts: modpost: detect and report truncated buf_printf() output
buf_printf() uses a fixed-size stack buffer. vsnprintf() returns the
number of bytes that *would* have been written to that buffer, which can
be larger than the size of said buffer if the formatted string is too
long.
The problem is that whenever this happens buf_printf() currently passes
this length, unchecked, to buf_write(), which silently reads past the
stack buffer and copies invalid data into the output buffer.
Fix this by detecting vsnprintf() failures and truncations before
appending to the output buffer, and report a fatal error instead of
producing corrupt symbol names.
Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Link: https://patch.msgid.link/20260527-nova-exports-v2-1-06de4c556d55@nvidia.com
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/mod/modpost.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c index abbcd3fc1394..0d2f1f09019b 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c @@ -1689,8 +1689,17 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf, va_start(ap, fmt); len = vsnprintf(tmp, SZ, fmt, ap); - buf_write(buf, tmp, len); va_end(ap); + + if (len < 0) { + perror("vsnprintf failed"); + exit(1); + } + if (len >= SZ) + fatal("buf_printf output truncated for string %s: %d bytes needed, %d available\n", + tmp, len + 1, SZ); + + buf_write(buf, tmp, len); } void buf_write(struct buffer *buf, const char *s, int len) |