From mboxrd@z Thu Jan 1 00:00:00 1970 From: Claude Code Review Bot To: dri-devel-reviews@example.com Subject: Claude review: scripts: modpost: detect and report truncated buf_printf() output Date: Tue, 05 May 2026 10:17:58 +1000 Message-ID: In-Reply-To: <20260430-nova-exports-v1-1-7ca31664e983@nvidia.com> References: <20260430-nova-exports-v1-0-7ca31664e983@nvidia.com> <20260430-nova-exports-v1-1-7ca31664e983@nvidia.com> X-Mailer: Claude Code Patch Reviewer Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Patch Review **Verdict: Good bugfix, should likely be submitted independently.** This is a genuine pre-existing bug. When `vsnprintf` returns `len >=3D SZ`,= the current code passes that unclamped length to `buf_write`, which reads = `len` bytes from a buffer that only has `SZ` bytes =E2=80=94 a classic buff= er over-read: ```c len =3D vsnprintf(tmp, SZ, fmt, ap); buf_write(buf, tmp, len); ``` The fix correctly checks both error return (`len < 0`) and truncation (`len= >=3D SZ`): ```c if (len < 0) { perror("vsnprintf failed"); exit(1); } if (len >=3D SZ) fatal("buf_printf output was truncated: %d bytes needed, %d available\n= ", len + 1, SZ); ``` Minor nits: 1. The error message says `%d available` but prints `SZ` (the buffer size).= Since `vsnprintf` reserves one byte for the NUL terminator, `SZ` is the bu= ffer capacity, not the available character count. `len + 1` is the needed b= ytes *including* NUL, and `SZ` is available *including* NUL, so this is con= sistent =E2=80=94 but it could be clearer. Consider wording like "needed %d= bytes but buffer is only %d" without the `+1`. 2. This patch is a standalone bugfix applicable to all of modpost, not Nova= -specific. It would benefit from being submitted separately or at minimum n= oted as such in the cover letter, since it could be picked up independently. --- Generated by Claude Code Patch Reviewer