snprintf can return a value bigger than the size of the buffer, in this case we return a size that is longer than the string.
Signed-off-by: Eric Sesterhenn <[email protected]> --- fs/debugfs/file.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/debugfs/file.c b/fs/debugfs/file.c index 6dabc4a10396..2a5cd7a088fc 100644 --- a/fs/debugfs/file.c +++ b/fs/debugfs/file.c @@ -904,6 +904,9 @@ static size_t u32_format_array(char *buf, size_t bufsize, char term = array_size ? ' ' : '\n'; len = snprintf(buf, bufsize, "%u%c", *array++, term); + if (len >= bufsize) + return ret+bufsize; + ret += len; buf += len; -- Eric Sesterhenn (Principal Security Consultant) X41 D-SEC GmbH, Dennewartstr. 25-27, D-52068 Aachen T: +49 241 9809418-0, Fax: -9 Unternehmenssitz: Aachen, Amtsgericht Aachen: HRB19989 Geschäftsführer: Markus Vervier
signature.asc
Description: OpenPGP digital signature
