The first lookup into the format_state table correctly casts to (u8)
at line 2778, but the second lookup after consuming a length qualifier
does not. On signed-char platforms, a byte >= 0x80 sign-extends to a
negative index, reading before the array.
Add the same (u8) cast for consistency.
Signed-off-by: Josh Law <objecting@objecting.org>
---
lib/vsprintf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/vsprintf.c b/lib/vsprintf.c
index 2758096b6f53..3108823e8c22 100644
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -2783,7 +2783,7 @@ struct fmt format_decode(struct fmt fmt, struct printf_spec *spec)
fmt.str++;
}
fmt.str++;
- p = lookup_state + *fmt.str;
+ p = lookup_state + (u8)*fmt.str;
}
if (p->state) {
if (p->base)
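Review bot: The changelog and the code disagree on names for the `+` line `p = lookup_state + (u8)*fmt.str;`: the message calls the table format_state, while the hunk indexes through `lookup_state`. The message also locates the first lookup by "line 2778", which stops being accurate as soon as the file changes. Use the identifier that appears in the code and refer to the earlier lookup by its statement or by the function (`format_decode()`) rather than by line number.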
--
2.34.1
On Tue 2026-03-24 22:49:40, Josh Law wrote:
> The first lookup into the format_state table correctly casts to (u8)
> at line 2778, but the second lookup after consuming a length qualifier
> does not. On signed-char platforms, a byte >= 0x80 sign-extends to a
> negative index, reading before the array.
>
> Add the same (u8) cast for consistency.
>
> Signed-off-by: Josh Law <objecting@objecting.org>
> ---
> lib/vsprintf.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/vsprintf.c b/lib/vsprintf.c
> index 2758096b6f53..3108823e8c22 100644
> --- a/lib/vsprintf.c
> +++ b/lib/vsprintf.c
> @@ -2783,7 +2783,7 @@ struct fmt format_decode(struct fmt fmt, struct printf_spec *spec)
> fmt.str++;
> }
> fmt.str++;
> - p = lookup_state + *fmt.str;
> + p = lookup_state + (u8)*fmt.str;
> }
> if (p->state) {
> if (p->base)
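Review bot: The changelog gives two different justifications for the one-line change at `p = lookup_state + (u8)*fmt.str;`: an out-of-bounds read ("reading before the array") and a cleanup ("for consistency"). Pick the one that applies. If the read is reachable, say on which configuration and add a Fixes: tag; if it is not, describe the change as hardening or consistency only, so that nobody triages it as a memory-safety fix.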
This makes sense. Even though the current code is safe as pointed
out by Andy.
Reviewed-by: Petr Mladek <pmladek@suse.com>
Best Regards,
Petr
---- On Tue, 31 Mar 2026 15:33:53 +0100 pmladek@suse.com wrote ----
> On Tue 2026-03-24 22:49:40, Josh Law wrote:
> > The first lookup into the format_state table correctly casts to (u8)
> > at line 2778, but the second lookup after consuming a length qualifier
> > does not. On signed-char platforms, a byte >= 0x80 sign-extends to a
> > negative index, reading before the array.
> >
> > Add the same (u8) cast for consistency.
> >
> > Signed-off-by: Josh Law
>
> > ---
> > lib/vsprintf.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/lib/vsprintf.c b/lib/vsprintf.c
> > index 2758096b6f53..3108823e8c22 100644
> > --- a/lib/vsprintf.c
> > +++ b/lib/vsprintf.c
> > @@ -2783,7 +2783,7 @@ struct fmt format_decode(struct fmt fmt, struct
> printf_spec *spec)
> > fmt.str++;
> > }
> > fmt.str++;
> > - p = lookup_state + *fmt.str;
> > + p = lookup_state + (u8)*fmt.str;
> > }
> > if (p->state) {
> > if (p->base)
>
> This makes sense. Even though the current code is safe as pointed
> out by Andy.
>
> Reviewed-by: Petr Mladek
>
> Best Regards,
> Petr
Yeah, better safe than sorry in my opinion.
Thanks for the review, Petr!
On Tue, Mar 24, 2026 at 10:49:40PM +0000, Josh Law wrote:
> The first lookup into the format_state table correctly casts to (u8)
> at line 2778, but the second lookup after consuming a length qualifier
> does not. On signed-char platforms, a byte >= 0x80 sign-extends to a
> negative index, reading before the array.
>
> Add the same (u8) cast for consistency.
Maybe yes, but get familiar on how the Linux kernel is built.
There is no such possibility IRL with this project since a commit
in the past. Feel free to find what I meant as your learning curve.
--
With Best Regards,
Andy Shevchenko
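The sign-extension the commit message describes, as a standalone C model added here (not kernel code and not part of the thread). The table, its contents and all function names are hypothetical, and `signed char` is used explicitly to model a build where plain `char` is signed.

```c
#include <stddef.h>
#include <stdio.h>

enum { ST_NONE, ST_QUAL, ST_CONV, ST_HIGH };

/* Hypothetical 256-entry per-byte table (constructed for this example). */
static const unsigned char table[256] = {
    ['l'] = ST_QUAL, ['h'] = ST_QUAL,
    ['d'] = ST_CONV, ['u'] = ST_CONV,
    [0xe9] = ST_HIGH,
};

/*
 * Index used for the lookup that follows any length qualifiers.
 * use_cast == 0 models the unpatched form (index taken from a signed char),
 * use_cast == 1 models the patched form (index taken through unsigned char).
 */
static ptrdiff_t second_index(const signed char *spec, int use_cast)
{
    const signed char *p = spec;

    while (table[(unsigned char)*p] == ST_QUAL)  /* first lookup: cast present */
        p++;
    return use_cast ? (ptrdiff_t)(unsigned char)*p : (ptrdiff_t)*p;
}

/* Bounds-checked lookup: -1 means the index falls outside the table. */
static int lookup_checked(ptrdiff_t idx)
{
    if (idx < 0 || idx >= (ptrdiff_t)sizeof(table))
        return -1;
    return table[idx];
}

int main(void)
{
    /* Constructed inputs: ASCII conversion, then a byte >= 0x80. */
    const char *specs[] = { "ld", "l\xe9" };

    for (size_t i = 0; i < sizeof(specs) / sizeof(specs[0]); i++) {
        const signed char *s = (const signed char *)specs[i];
        ptrdiff_t plain = second_index(s, 0), cast = second_index(s, 1);

        printf("spec %zu: plain index %td -> %d, cast index %td -> %d\n",
               i, plain, lookup_checked(plain), cast, lookup_checked(cast));
    }
    return 0;
}
```

ASCII bytes produce the same index either way; only bytes at or above 0x80 separate the two forms, which is why the difference does not show up with ordinary format strings.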