On Thu, Jul 25, 2019 at 08:10:33PM +0800, Wang Xiayang wrote:
> 
> ----- On Jul 25, 2019, at 5:44 PM, Daniel Thompson daniel.thomp...@linaro.org wrote:
> 
> > On Thu, Jul 25, 2019 at 01:33:45PM +0800, Wang Xiayang wrote:
> >> As commit a86028f8e3ee ("staging: most: sound: replace snprintf
> >> with strscpy") suggested, using snprintf without a format
> >> specifier is potentially risky if the PROMPT environment
> >> variable contains any format specifier. The variable can be set
> >> via kdb_set() though by default it contains no format specifier.
> >> 
> >> Using strscpy is conservatively safe for any mistaken
> >> environment variable setting that leads to a crash.
> > 
> > This will result in a broken prompt on SMP machines. The default
> > prompt on an SMP machine includes the CPU number of the core that
> > is currently being debugged.
> > 
> > 
> 
> Well, this patch only changes the line compiled for UP so it does not
> break the prompt on SMP.

Understood, but fixing the issue exclusively for UP machines isn't
really worth it.


> Anyway, do you think the patch should be
> revised to actually sanitize the format string instead of
> conservatively ignoring them?

You mean adding a special case to kdb_set() to special case the setting
of PROMPT. Certainly possible although it might be simpler just to
forbid setting the prompt if KDB_ENABLE_MEM_READ isn't set.


Daniel.


_______________________________________________
Kgdb-bugreport mailing list
Kgdb-bugreport@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/kgdb-bugreport
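
The "sanitize the format string" option raised in the thread, as an added user-space C example that is not part of the thread or the kernel source: the prompt value is accepted only if it contains literal text, `%%`, and at most one plain `%d` (the CPU number on SMP), otherwise a fixed prompt is used. The names `prompt_format_ok`, `render_prompt` and `FALLBACK_PROMPT`, and the sample prompt values, are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FALLBACK_PROMPT "kdb> "   /* hypothetical fixed prompt used on rejection */

/* Return 1 if fmt holds only literal text, "%%", and at most one plain "%d". */
static int prompt_format_ok(const char *fmt)
{
    int ints = 0;

    for (; *fmt; fmt++) {
        if (*fmt != '%')
            continue;
        fmt++;                          /* inspect the conversion character */
        if (*fmt == '%')
            continue;                   /* escaped percent sign */
        if (*fmt != 'd' || ++ints > 1)
            return 0;                   /* %s, %n, widths, trailing '%', second %d */
    }
    return 1;
}

/* Format the prompt; cpu is the only argument the format may consume. */
static int render_prompt(char *buf, size_t len, const char *fmt, int cpu)
{
    if (!prompt_format_ok(fmt))
        fmt = FALLBACK_PROMPT;
    return snprintf(buf, len, fmt, cpu);
}

int main(void)
{
    /* Constructed sample PROMPT values, not taken from the thread. */
    const char *samples[] = { "[%d]kdb> ", "kdb> ", "100%% kdb> ",
                              "%s%s%n", "[%d:%d]> ", "kdb %" };
    char buf[64];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        render_prompt(buf, sizeof(buf), samples[i], 2);
        printf("%-12s -> \"%s\" (%s)\n", samples[i], buf,
               prompt_format_ok(samples[i]) ? "accepted" : "rejected");
    }
    return 0;
}
```

Validating at the point where the variable is set, rather than at each use, keeps the SMP prompt's CPU number working while ensuring no other conversion ever reaches the formatting call.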
