Date:      Thu, 20 Aug 2020 08:33:32 +0200
From:      Gary Jennejohn <gljennjohn@gmail.com>
To:        freebsd-current@freebsd.org
Subject:   PRINTF_BUFR_SIZE dangerous?
Message-ID:  <20200820083332.59d7fbbb@ernst.home>

It seems like PRINTF_BUFR_SIZE is a kernel fault waiting to happen.

Only /usr/src/sys/cam/cam_xpt.c asserts that it's <= a maximum value of
512 bytes.

/usr/src/sys/kern/tty.c uses it to malloc space without checking its size.

/usr/src/sys/dev/xen/console/xen_console.c and /usr/src/sys/kern/subr_prf.c
blindly use it to allocate a buffer on the kernel stack.

/usr/src/sys/geom/geom_subr.c and /usr/src/sys/geom/geom_io.c check whether
it's defined and set it to 64 if it isn't.  Otherwise it's simply used to
allocate a buffer on the kernel stack.

A user who doesn't really understand the purpose of PRINTF_BUFR_SIZE might
think "the bigger the better" and set it to be multi-megabytes in size.

I may be paranoid, but it seems like PRINTF_BUFR_SIZE should be checked
everywhere the way that cam_xpt.c does it.

-- 
Gary Jennejohn
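
The kind of check the message asks for, sketched as an added userland C11 example; it is not part of the original post and not FreeBSD source. Every name except PRINTF_BUFR_SIZE is hypothetical, and the 512-byte cap and 64-byte default are simply the figures the message cites.

```c
/* Added example: userland C11, not FreeBSD source. Every name except
 * PRINTF_BUFR_SIZE is hypothetical. */
#include <stdio.h>
#include <string.h>

#define BUFR_MAX 512          /* assumed cap: the 512-byte limit the message cites */
#ifndef PRINTF_BUFR_SIZE
#define PRINTF_BUFR_SIZE 64   /* assumed default: the fallback the message cites */
#endif

/* Compile-time gate: an oversized setting fails the build, not the stack. */
_Static_assert(PRINTF_BUFR_SIZE > 0 && PRINTF_BUFR_SIZE <= BUFR_MAX,
    "PRINTF_BUFR_SIZE must be between 1 and BUFR_MAX bytes");

struct emit_stats { size_t total; size_t max_chunk; };
typedef void (*sink_fn)(const char *chunk, size_t len, void *arg);

/* Constructed sink: records byte count and the largest chunk it was handed. */
static void count_sink(const char *chunk, size_t len, void *arg)
{
    struct emit_stats *s = arg;
    (void)chunk;
    s->total += len;
    if (len > s->max_chunk)
        s->max_chunk = len;
}

/* Pass msg through a fixed-size stack buffer; returns the number of flushes. */
size_t bounded_emit(const char *msg, sink_fn sink, void *arg)
{
    char buf[PRINTF_BUFR_SIZE];   /* size is proven <= BUFR_MAX above */
    size_t left = strlen(msg), flushes = 0;
    while (left > 0) {
        size_t n = left < sizeof(buf) ? left : sizeof(buf);
        memcpy(buf, msg, n);      /* stands in for formatting into buf */
        sink(buf, n, arg);
        msg += n;
        left -= n;
        flushes++;
    }
    return flushes;
}

int main(void)
{
    struct emit_stats s = {0, 0};
    size_t f = bounded_emit("constructed sample console line\n", count_sink, &s);
    printf("flushes=%zu total=%zu max_chunk=%zu\n", f, s.total, s.max_chunk);
}
```

Building this with `-DPRINTF_BUFR_SIZE=1048576` stops at the static assertion instead of producing a binary that puts a megabyte-sized array on the stack.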


