On Thu, Aug 13, 2020 at 01:19:18PM -0400, Josef Bacik wrote:

> > in sunrpc proc_dodebug() turns into
> > 	left -= snprintf(buffer, left, "0x%04x\n",
                                 ^^^^ left + 1, that is.
> > 			*(unsigned int *) table->data);
> > and that's not the only example.
> >
>
> We wouldn't even need the extra +1 part, since we're only copying in how
> much the user wants anyway, we could just go ahead and convert this to
>
> left -= snprintf(buffer, left, "0x%04x\n", *(unsigned int *) table->data);
>
> and be fine, right?  Or am I misunderstanding what you're looking for?  Thanks,

snprintf() always produces a NUL-terminated string.  And if you are passing 7
as len, you want 0xf0ad\n to be copied to user.  For that you need 8 passed to
snprintf, and 8-byte buffer given to it.
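
The sizing rule from the reply above, as an added user-space example (not code from the thread or from the kernel): `emit()` and its parameters are hypothetical, and `memcpy()` stands in for the copy to the reader's buffer. It also records snprintf()'s return value, which is the untruncated length and therefore matters for the quoted `left -= snprintf(...)` pattern.

```c
#include <stdio.h>
#include <string.h>

/*
 * User-space model (assumption: memcpy() stands in for the copy to the
 * reader's buffer; emit() is a hypothetical helper, not kernel code).
 * left  - number of bytes the reader asked for
 * extra - 0: snprintf() is told "left"; 1: it is told "left + 1"
 * *would_be receives snprintf()'s return value, the untruncated length.
 * Returns the number of payload bytes placed in user[].
 */
static size_t emit(char *user, size_t left, size_t extra,
		   unsigned int val, int *would_be)
{
	char tmp[32];
	size_t size = left + extra, stored;
	int n;

	if (size > sizeof(tmp))
		size = sizeof(tmp);
	if (size == 0)
		return 0;
	n = snprintf(tmp, size, "0x%04x\n", val);
	if (would_be)
		*would_be = n;
	if (n < 0)
		return 0;
	/* At most size - 1 characters are stored; the last byte is the NUL. */
	stored = (size_t)n < size ? (size_t)n : size - 1;
	memcpy(user, tmp, stored);
	return stored;
}

int main(void)
{
	char user[16];
	int n;
	size_t got;

	got = emit(user, 7, 0, 0xf0ad, &n);	/* size 7: the newline is lost */
	printf("size 7: %zu payload bytes\n", got);
	got = emit(user, 7, 1, 0xf0ad, &n);	/* size 8: the full line fits */
	printf("size 8: %zu payload bytes\n", got);
	got = emit(user, 3, 1, 0xf0ad, &n);	/* short read: truncated output */
	printf("size 4: %zu payload bytes, snprintf returned %d\n", got, n);
	return 0;
}
```
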