On Wed, Aug 12, 2015 at 11:05:58PM +0530, Chandra S Gorentla wrote:
> - if (copy_from_user(buffer, buf, count)) {
> + ret = simple_write_to_buffer(buffer, sizeof(buffer), ppos, buf, count);
This part doesn't make sense. Use copy_from_user(). Also it's not NUL
terminated so it leads to a read past the end of the array later. In
the original code, we just looked at the first char and didn't use
kstrtoint() so we didn't care about NUL termination.
regards,
dan carpenter
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
