Andy Shevchenko <andy.shevche...@gmail.com> writes: > On Mon, Aug 24, 2015 at 5:32 PM, Alexander Shishkin > <alexander.shish...@linux.intel.com> wrote: >> + /* trim the buffer to the supplied boundary */ >> + len = strlen(buffer); >> + if (len >= attr->perf_err_size) { >> + len = attr->perf_err_size - 1; >> + buffer[len] = 0; >> + } > > len = strnlen(buffer, attr->perf_err_size); > buffer[len] = 0; > > And perhaps perf_err_size has to be length (perf_err_len) ? > >> + >> + if (copy_to_user((void __user *)attr->perf_err, buffer, len + 1)) { >> + /* if we failed to copy once, don't bother later */ >> + attr->perf_err_size = 0; > > Kaboom next time on buffer[-1] = 0; since len >= 0?
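Review bot: in the trim block, if the strlen() plus manual clamp is replaced by a single strnlen() call, the limit has to be `attr->perf_err_size - 1` rather than `attr->perf_err_size`. strnlen() returns its limit when no terminator is found within it, so with the full size as the limit, `len` can equal `perf_err_size` and the later copy of `len + 1` bytes would write one byte more than the user-supplied size. The clamp as posted keeps `len + 1 <= attr->perf_err_size`.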
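Review bot: in the copy_to_user() failure branch, setting `attr->perf_err_size = 0` leaves the trim block's `attr->perf_err_size - 1` safe only as long as a zero-size check runs before it, and that check is not in these lines. Either name the check in the comment next to "don't bother later", or have the trim block test for a zero size itself, so the dependency survives later refactoring.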
Of course, we never get here if attr::perf_err_size is 0, there's an explicit check for that, but nice try. Regards, -- Alex