Page MenuHomeFreeBSD
Differential D24760

remove %n support from printf(9)
ClosedPublic
Actions

Authored by emaste on May 8 2020, 2:15 PM.
Tags
None
Referenced Files
Unknown Object (File)
Feb 29 2024, 1:32 AM
Unknown Object (File)
Jan 18 2024, 9:22 AM
Unknown Object (File)
Jan 14 2024, 6:18 AM
Unknown Object (File)
Jan 1 2024, 5:13 AM
Unknown Object (File)
Jan 1 2024, 5:13 AM
Unknown Object (File)
Jan 1 2024, 5:13 AM
Unknown Object (File)
Dec 28 2023, 9:44 PM
Unknown Object (File)
Dec 20 2023, 6:33 AM
View All 24 Files
Subscribers
gordon
imp
lwhsu
philip

Details

Reviewers
cem
philip
gordon
Group Reviewers
manpages
Commits
rS360849: remove %n support from printf(9)
Summary

It can be dangerous and there is no need for it in the kernel. Inspired by Kees Cook's change in Linux, and later OpenBSD.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

emaste requested review of this revision.May 8 2020, 2:15 PM
emaste created this revision.
cem accepted this revision.May 8 2020, 3:25 PM
This revision is now accepted and ready to land.May 8 2020, 3:25 PM
lwhsu added a subscriber: lwhsu.May 8 2020, 6:37 PM
gordon added a subscriber: gordon.May 8 2020, 10:21 PM

Have we checked to see how often this is used in tree?

emaste added a comment.EditedMay 8 2020, 11:08 PM
In D24760#545153, @gordon wrote:

Have we checked to see how often this is used in tree?

It's not. grepping sys turns up a couple of sscanfs and a bunch of unrelated %ns.

philip accepted this revision.May 9 2020, 1:42 PM
philip added a subscriber: philip.

I double-checked @emaste's grep and likewise see no consumer of %n in callers of kernel printf(9).

gordon accepted this revision.May 9 2020, 3:53 PM

Looks good to me. I haven't tested it, but seeing as it is the same patch as OpenBSD's it should do what is expected.

Closed by commit rS360849: remove %n support from printf(9) (authored by emaste). · Explain WhyMay 9 2020, 3:56 PM
This revision was automatically updated to reflect the committed changes.
emaste added a commit: rS360849: remove %n support from printf(9).
Herald added a reviewer: manpages. · View Herald TranscriptMay 9 2020, 3:56 PM
Herald added a subscriber: imp. · View Herald Transcript
imp added a comment.May 9 2020, 5:05 PM

Can we hack clang to warn? Or enable a clang option?

imp added a comment.May 9 2020, 5:07 PM

Or noisily complain / panic?

cem added a comment.May 9 2020, 5:49 PM
In D24760#545321, @imp wrote:

Or noisily complain / panic?

I think this should do it:

--- a/contrib/llvm-project/clang/lib/AST/PrintfFormatString.cpp
+++ b/contrib/llvm-project/clang/lib/AST/PrintfFormatString.cpp
@@ -316,8 +316,8 @@ static PrintfSpecifierResult ParsePrintfSpecifier(FormatStringHandler &H,
     case 'g': k = ConversionSpecifier::gArg; break;
     case 'i': k = ConversionSpecifier::iArg; break;
     case 'n':
-      // Not handled, but reserved in OpenCL.
-      if (!LO.OpenCL)
+      // Not handled, but reserved in OpenCL and FreeBSD kernel.
+      if (!LO.OpenCL && !isFreeBSDKPrintf)
         k = ConversionSpecifier::nArg;
       break;
     case 'o': k = ConversionSpecifier::oArg; break;
cem added a child revision: D24786: clang: Reject %n for __attribute__((format(__freebsd_kprintf__))).May 9 2020, 5:54 PM
imp added a comment.May 9 2020, 8:29 PM

Thanks cem

Revision Contents
Changeset List

PathSize
head/
share/
man/
man9/
8 lines
sys/
kern/
18 lines

Diff 71589

View Options

head/share/man/man9/printf.9

Loading...
View Options

head/sys/kern/subr_prf.c

Loading...