Subject: Re: CVS commit: src/sys
To: M. Warner Losh <>
From: Simon J. Gerraty <>
List: tech-kern
Date: 04/26/2004 15:51:44
>In message: <>
>   (Simon J. Gerraty) writes:
>: cp += snprintf(...)

>Maybe people shouldn't do that at all.  No need to have a cp +=
>safe_sprintf() because the code is still wrong in the buffer overflow
>case: if it returns 0, future uses of cp will be wrong.

Not so (and as someone pointed out, safe_snprintf() should actually
return the amount of buffer consumed - which just happens to be 0 in
the case where there was no room left).

There's nothing wrong with doing a bunch of

cp += safe_snprintf(cp, ep - cp, ....)

followed by if (cp >= ep) oops!;
I.e., there is no overflow issue and you can detect the error as early/late
as you like.

>So what you propose would fix the 'negative offset' issue, but not
>deeper issues.

What deeper issue?

Adding the means for safe_snprintf to panic when no space available
would be quite useful too.  Controlled by #if DIAGNOSTIC and/or a sysctl
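
The idiom discussed in this message, as an added userland C example that is not part of the original post or of the NetBSD source: a hypothetical `safe_snprintf()` returns the amount of buffer consumed, so a run of `cp +=` calls can be followed by one `cp >= ep` check. Assumptions: on truncation it reports all remaining space as consumed (so `cp` lands exactly on `ep`), and `format_record()` with its sample fields is constructed for illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical safe_snprintf(): returns the amount of buffer consumed,
 * never more than `size`.  Assumption: a truncated write counts as
 * consuming all of `size`, so the caller's cp ends up equal to ep.
 */
static size_t
safe_snprintf(char *buf, size_t size, const char *fmt, ...)
{
	va_list ap;
	int n;

	if (size == 0)
		return 0;		/* no room left: consume nothing */
	va_start(ap, fmt);
	n = vsnprintf(buf, size, fmt, ap);
	va_end(ap);
	if (n < 0) {
		buf[0] = '\0';
		return 0;		/* output error: consume nothing */
	}
	if ((size_t)n >= size)
		return size;		/* truncated: all space consumed */
	return (size_t)n;
}

/* Append three fields with the cp += idiom; 0 on success, -1 if truncated. */
static int
format_record(char *buf, size_t len, const char *name, int unit)
{
	char *cp = buf, *ep = buf + len;

	cp += safe_snprintf(cp, (size_t)(ep - cp), "dev=%s", name);
	cp += safe_snprintf(cp, (size_t)(ep - cp), " unit=%d", unit);
	cp += safe_snprintf(cp, (size_t)(ep - cp), " state=%s", "up");
	return (cp >= ep) ? -1 : 0;	/* one check, as late as we like */
}

int
main(void)
{
	char big[64], small[12];	/* constructed sample buffers */

	printf("%d \"%s\"\n", format_record(big, sizeof(big), "wd0", 1), big);
	printf("%d \"%s\"\n", format_record(small, sizeof(small), "wd0", 1), small);
	return 0;
}
```

With plain `snprintf()` the return value is the length the output would have had, so the same `cp +=` chain can step past `ep` and make `ep - cp` negative, which is the 'negative offset' issue quoted above.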