Re: [PATCH v3 1/2] lib/vsprintf: Fix to check field_width and precision

[Google]

On Tue, 24 Mar 2026 17:24:33 +0000
David Laight <david.laight.linux@xxxxxxxxx> wrote:

> On Tue, 24 Mar 2026 17:45:49 +0100
> Petr Mladek <pmladek@xxxxxxxx> wrote:
> 
> > On Mon 2026-03-23 13:59:05, David Laight wrote:
> ...
> > > I've also just fixed nolibc's handling of %*.*s (which is in 'next' since
> > > I only wrote it recently), the above is actually broken.
> > > Negative 'precision' (all values) are fine, they just request the default.  
> > 
> > Great catch! We should clamp the precision to (0, PRECISION_MAX). But we
> > should warn only when it is outside of (-PRECISION_MAX, PRECISION_MAX).
> 
> No, you are going to clamp it needs to be to (-1, PRECISION_MAX);
> but max(precision, PRECISION_MAX) if fine now the value is being saved
> in an int.
> And there is no need to warn about changing negative values - they
> all mean exactly the same thing.

Ah, indeed.

"A negative precision is taken as if the precision were omitted."

> There isn't actually any need to worry about large precision values
> for %s - they request truncation, precision only increases the output
> for numbers.
> 
> > 
> > > So the patch needs a big fat NACK...  
> > 
> > What is an acceptable solution then, please?
> 
> You could do:
> 	spec->precision = clamp(prec, -1, PRECISION_MAX);
> 	if (spec->precision < prec)
> 		WARN(...);
> 
> 	David

Ah, that looks good to me. Let me update it.

Thanks,

> 
> > 
> > Frankly, I would like to stay on earth. This started as a simple fix
> > of a regression added a year ago. For me, any solution which
> > restores the year old behavior is good enough.
> > 
> > We might need to find another volunteer to implement a better
> > solution, e.g. the new non-panicing MSG_AND_BT() macro.
> > 
> > Alternatively, we could remove the WARN_ONCE() completely.
> > It looks acceptable for me. But Rasmus would need to agree as well.
> > 
> > Best Regards,
> > Petr
> 


-- 
Masami Hiramatsu (Google) <mhiramat@xxxxxxxxxx>