scripts: modpost: detect and report truncated buf_printf() output

buf_printf() uses a fixed-size stack buffer. vsnprintf() returns the
number of bytes that *would* have been written to that buffer, which can
be larger than the size of said buffer if the formatted string is too
long.

The problem is that whenever this happens buf_printf() currently passes
this length, unchecked, to buf_write(), which silently reads past the
stack buffer and copies invalid data into the output buffer.

Fix this by detecting vsnprintf() failures and truncations before
appending to the output buffer, and report a fatal error instead of
producing corrupt symbol names.

Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Link: https://patch.msgid.link/20260527-nova-exports-v2-1-06de4c556d55@nvidia.com
Signed-off-by: Nathan Chancellor <nathan@kernel.org>

diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index abbcd3fc139498924c47e549e8da3982abd0cd06..0d2f1f09019bafc31d291daad91b4b9c285b7ddf 100644 (file)
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -1689,8 +1689,17 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf,
 
        va_start(ap, fmt);
        len = vsnprintf(tmp, SZ, fmt, ap);
-       buf_write(buf, tmp, len);
        va_end(ap);
+
+       if (len < 0) {
+               perror("vsnprintf failed");
+               exit(1);
+       }
+       if (len >= SZ)
+               fatal("buf_printf output truncated for string %s: %d bytes needed, %d available\n",
+                     tmp, len + 1, SZ);
+
+       buf_write(buf, tmp, len);
 }
 
 void buf_write(struct buffer *buf, const char *s, int len)