Thread (4 messages) 4 messages, 3 authors, 2d ago

Re: [PATCH] qede: Prevent possible snprintf() truncation by bounding %s string format

From: Breno Leitao <leitao@debian.org>
Date: 2026-07-01 15:27:22
Also in: lkml

On Wed, Jul 01, 2026 at 05:47:11PM +0300, Baran Tuna wrote:
quoted hunk ↗ jump to hunk
GCC warning shows that formatted strings may
exceed the fixed-size destination buffers.

Bounding the %s string format
so the maximum formatted output always fits.

This eliminates the -Wformat-truncation warning.

Signed-off-by: Baran Tuna <redacted>
---
 drivers/net/ethernet/qlogic/qede/qede_ethtool.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ethernet/qlogic/qede/qede_ethtool.c b/drivers/net/ethernet/qlogic/qede/qede_ethtool.c
index 647f30a16a94..5428f53150a0 100644
--- a/drivers/net/ethernet/qlogic/qede/qede_ethtool.c
+++ b/drivers/net/ethernet/qlogic/qede/qede_ethtool.c
@@ -618,10 +618,10 @@ static void qede_get_drvinfo(struct net_device *ndev,
 	if ((strlen(storm) + strlen("[storm]")) <
 	    sizeof(info->version))
 		snprintf(info->version, sizeof(info->version),
-			 "[storm %s]", storm);
+			 "[storm %.16s]", storm);
Where is this 16 coming from?

Also, isn't the if above checking for no overflow? I.e, 
we got here only if strlen(storm) + strlen("[storm]") < sizeof(info->version))

For whoever else is reviwewing this, this the buffers:

	#define ETHTOOL_FWVERS_LEN      32
        char    version[32];
	char storm[ETHTOOL_FWVERS_LEN];
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help