----- On Jul 25, 2019, at 9:11 PM, Daniel Thompson daniel.thomp...@linaro.org
wrote:
> On Thu, Jul 25, 2019 at 08:10:33PM +0800, Wang Xiayang wrote:
>>
>> ----- On Jul 25, 2019, at 5:44 PM, Daniel Thompson daniel.thomp...@linaro.org
>> wrote:
>>
>> > On Thu, Jul 25, 2019 at 01:33:45PM +0800, Wang Xiayang wrote:
>> >> As commit a86028f8e3ee ("staging: most: sound: replace snprintf
>> >> with strscpy") suggested, using snprintf without a format
>> >> specifier is potentially risky if the PROMPT environment
>> >> variable contains any format specifier. The variable can be set
>> >> via kdb_set() though by default it contains no format specifier.
>> >>
>> >> Using strscpy is conservatively safe for any mistakenly
>> >> environment variable setting that leads to crash.
>> >
>> > This will result in a broken prompt on SMP machines. The default
>> > prompt on an SMP machine includes the CPU number of the core that
>> > is currently being debugged.
>> >
>> >
>>
>> Well, this patch only changes the line compiled for UP so it does not
>> break the prompt on SMP.
>
> Understood, but fixing the issue exclusively for UP machines isn't
> really worth it.
>
>
>> Anyway, do you think the patch should be
>> revised to actually sanitize the format string instead of
>> conservatively ignoring them?
>
> You mean adding a special case to kdb_set() to special case the setting
> of PROMPT. Certainly possible although it might be simpler just to
> forbid setting the prompt if KDB_ENABLE_MEM_READ isn't set.
>
OK. I will just drop this patch. Thank you.
_______________________________________________
Kgdb-bugreport mailing list
Kgdb-bugreport@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/kgdb-bugreport
