On Tue, Sep 05, 2023 at 07:27:47AM +0200, Marion & Christophe JAILLET wrote: > > > > The other snprintf in the same file also looks suspect. > > It looks correct to me. > > And HPRE_DBGFS_VAL_MAX_LEN being 20, it doesn't really matter. The string > can't be truncated with just a "%u\n". > drivers/crypto/hisilicon/hpre/hpre_main.c 884 ret = snprintf(tbuf, HPRE_DBGFS_VAL_MAX_LEN, "%u\n", val); 885 return simple_read_from_buffer(buf, count, pos, tbuf, ret); You can't pass the return value from snprintf() to simple_read_from_buffer(). Otherwise the snprintf() checking turned a sprintf() write overflow into a read overflow, which is less bad but not ideal. It needs to be scnprintf(). regards, dan carpenter
