On Thu, Aug 13, 2020 at 01:19:18PM -0400, Josef Bacik wrote:
> > in sunrpc proc_dodebug() turns into
> > left -= snprintf(buffer, left, "0x%04x\n",
                             ^^^^
                             left + 1, that is.
> > *(unsigned int *) table->data);
> > and that's not the only example.
> >
>
> We wouldn't even need the extra +1 part, since we're only copying in how
> much the user wants anyway, we could just go ahead and convert this to
>
> left -= snprintf(buffer, left, "0x%04x\n", *(unsigned int *) table->data);
>
> and be fine, right? Or am I misunderstanding what you're looking for?
> Thanks,
snprintf() always produces a NUL-terminated string. And if you are passing 7 as
len, you want 0xf0ad\n to be copied to user. For that you need 8 passed to
snprintf, and 8-byte buffer given to it.
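
The sizing point in the reply above, as an added userspace C example that is not part of the original thread or the kernel source. The function names, the 32-byte temporary buffer and the sample value are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SAMPLE_VALUE 0xf0adu  /* constructed; the value used in the reply */

/* Wrong sizing: the reader asked for `left` bytes and snprintf() is given
 * exactly `left`. One byte goes to the NUL, so payload is cut to left - 1.
 * Returns the number of payload bytes placed in `out`. */
static size_t fmt_size_left(char *out, size_t left, unsigned int val)
{
    char tmp[32];
    int want;
    size_t got;
    if (left == 0 || left > sizeof(tmp))
        return 0;
    want = snprintf(tmp, left, "0x%04x\n", val);
    if (want < 0)
        return 0;
    /* snprintf() returns the untruncated length, not what it stored */
    got = (size_t)want < left ? (size_t)want : left - 1;
    memcpy(out, tmp, got);
    return got;
}

/* Sizing from the reply: left + 1 bytes, so the NUL sits past the payload. */
static size_t fmt_size_left_plus_1(char *out, size_t left, unsigned int val)
{
    char tmp[32];
    int want;
    size_t got;
    if (left >= sizeof(tmp))
        return 0;
    want = snprintf(tmp, left + 1, "0x%04x\n", val);
    if (want < 0)
        return 0;
    got = (size_t)want < left ? (size_t)want : left;
    memcpy(out, tmp, got);
    return got;
}

int main(void)
{
    char a[32], b[32];
    size_t na = fmt_size_left(a, 7, SAMPLE_VALUE);
    size_t nb = fmt_size_left_plus_1(b, 7, SAMPLE_VALUE);
    printf("size = left:     %zu bytes copied\n", na);
    printf("size = left + 1: %zu bytes copied\n", nb);
    return 0;
}
```

For a 7-byte read the first function produces 6 bytes (`0xf0ad`, newline lost) and the second produces all 7.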