[PATCH v2 2/2] lib/vsprintf: Limit the returning size to INT_MAX

Next message: Richard Lyu: "[PATCH v2] leds: lm3642: use guard to simplify locking"
Previous message: Masami Hiramatsu (Google): "[PATCH v2 1/2] lib/vsprintf: Fix to check field_width and precision"
In reply to: Google: "Re: [PATCH v2 1/2] lib/vsprintf: Fix to check field_width and precision"
Next in thread: Petr Mladek: "Re: [PATCH v2 2/2] lib/vsprintf: Limit the returning size to INT_MAX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Masami Hiramatsu (Google)

Date: Thu Mar 19 2026 - 23:55:47 EST

From: Masami Hiramatsu (Google) <mhiramat@xxxxxxxxxx>

The return value of vsnprintf() can overflow INT_MAX and return
a minus value. In the @size is checked input overflow, but it does
not check the output, which is expected required size.

This should never happen but it should be checked and limited.

Signed-off-by: Masami Hiramatsu (Google) <mhiramat@xxxxxxxxxx>
---
lib/vsprintf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/vsprintf.c b/lib/vsprintf.c
index 32a164e2adf4..ea5e1d22ff8f 100644
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -2985,7 +2985,7 @@ int vsnprintf(char *buf, size_t size, const char *fmt_str, va_list args)
}

/* the trailing null byte doesn't count towards the total */
- return str-buf;
+ return WARN_ON_ONCE(str - buf > INT_MAX) ? INT_MAX : str - buf;

}
EXPORT_SYMBOL(vsnprintf);