The return value of snprintf is longer than expected if the string is
truncated. Bytes need to be checked here.

diff --git a/drivers/staging/wusbcore/host/hwa-hc.c
b/drivers/staging/wusbcore/host/hwa-hc.c
index 8d959e9..1475a48 100644
--- a/drivers/staging/wusbcore/host/hwa-hc.c
+++ b/drivers/staging/wusbcore/host/hwa-hc.c
@@ -680,10 +680,12 @@ static int hwahc_security_create(struct hwahc *hwahc)
                        break;
                }
                itr += etd->bLength;
-               bytes += snprintf(buf + bytes, sizeof(buf) - bytes,
-                                 "%s (0x%02x) ",
-                                 wusb_et_name(etd->bEncryptionType),
-                                 etd->bEncryptionValue);
+
+               if (sizeof(buf) > bytes)
+                       bytes += snprintf(buf + bytes, sizeof(buf) - bytes,
+                                       "%s (0x%02x) ",
+                                       wusb_et_name(etd->bEncryptionType),
+                                       etd->bEncryptionValue);
                wusbhc->ccm1_etd = etd;
        }
        dev_info(dev, "supported encryption types: %s\n", buf);
_______________________________________________
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel

Reply via email to