On Thu July 22 2010 17:52:02 Dan Carpenter wrote:
snprintf() returns the number of characters that would have been written
(not counting the NUL character). So we can't use it as the limiter to
simple_read_from_buffer() without capping it first at sizeof(buf).
Signed-off-by: Dan Carpenter
On Fri, Jul 23, 2010 at 05:44:14PM +0900, Bruno Randolf wrote:
i think it would be better to make sure the buffer is always big enough to
hold all the output (it's not very variable in length), but as a safety net
this can't hurt.
This is a smatch thing. I suppose someday I will fix
Bruno Randolf schrieb:
@@ -766,6 +781,9 @@ static ssize_t read_file_queue(struct file *file, char
__user *user_buf, len += snprintf(buf+len, sizeof(buf)-len, len: %d\n,
n);
}
+if (len sizeof(buf))
+len = sizeof(buf);
+
return
On Fri, 2010-07-23 at 12:04 +0200, Dan Carpenter wrote:
This is a smatch thing. I suppose someday I will fix smatch to
evaulate the strings themselves and verify that the buffer is large
enough. But for now it's nice to be able to automatically check that
the buffers don't overflow.
There
On Fri, Jul 23, 2010 at 10:48 AM, Joe Perches j...@perches.com wrote:
There are also many repeated uses of snprintf in kernel sources
that could similarly be a problem.
bar += snprintf(foo + bar, ...)
bar += snprintf(foo + bar, ...)
or
foo += snprintf(foo, ...)
snprintf() returns the number of characters that would have been written
(not counting the NUL character). So we can't use it as the limiter to
simple_read_from_buffer() without capping it first at sizeof(buf).
Signed-off-by: Dan Carpenter erro...@gmail.com
diff --git
On 07/22/2010 10:52 AM, Dan Carpenter wrote:
snprintf() returns the number of characters that would have been written
(not counting the NUL character). So we can't use it as the limiter to
simple_read_from_buffer() without capping it first at sizeof(buf).
Doesn't scnprintf make more sense
On Thu, Jul 22, 2010 at 10:56:13AM +0200, Jiri Slaby wrote:
On 07/22/2010 10:52 AM, Dan Carpenter wrote:
snprintf() returns the number of characters that would have been written
(not counting the NUL character). So we can't use it as the limiter to
simple_read_from_buffer() without
