On Tue, Sep 07, 2010 at 06:38:05AM -0700, mark gross wrote: > > spin_unlock_irqrestore(&pm_qos_lock, flags); > > @@ -374,10 +374,12 @@ static ssize_t pm_qos_power_write(struct file *filp, const char __user *buf, > > } else if (count == 11) { /* len('0x12345678/0') */ > > if (copy_from_user(ascii_value, buf, 11)) > > return -EFAULT; > > + if (strlen(ascii_value) > 10) > should be != > > > + return -EINVAL; > > x = sscanf(ascii_value, "%x", &value); > > if (x != 1) > > return -EINVAL; With the original code you could do: char buf[11]; /* must be 11 chars */ snprintf(buf, sizeof(buf), "0x%x", 42); write(fd, buf, sizeof(buf)); But the new code is stricter so the number would have to be zero padded. regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html