The return value of snprintf is longer than expected if the string is truncated. Bytes need to be checked here. diff --git a/drivers/staging/wusbcore/host/hwa-hc.c b/drivers/staging/wusbcore/host/hwa-hc.c index 8d959e9..1475a48 100644 --- a/drivers/staging/wusbcore/host/hwa-hc.c +++ b/drivers/staging/wusbcore/host/hwa-hc.c @@ -680,10 +680,12 @@ static int hwahc_security_create(struct hwahc *hwahc) break; } itr += etd->bLength; - bytes += snprintf(buf + bytes, sizeof(buf) - bytes, - "%s (0x%02x) ", - wusb_et_name(etd->bEncryptionType), - etd->bEncryptionValue); + + if (sizeof(buf) > bytes) + bytes += snprintf(buf + bytes, sizeof(buf) - bytes, + "%s (0x%02x) ", + wusb_et_name(etd->bEncryptionType), + etd->bEncryptionValue); wusbhc->ccm1_etd = etd; } dev_info(dev, "supported encryption types: %s\n", buf); _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel