Dan, What's your opinion on below alternative patch? In addition to yours it makes would-overflow visible. It does not check for output buffer having non-zero size but as callers are local with #defined buffer size I don't think that would be needed. Author: Bruno Prémont <bonbons@xxxxxxxxxxxxxxxxx> Date: Wed Sep 19 21:18:10 2012 +0200 Subject: HID: picoLCD: bounds check in dump_buff_as_hex() Make sure we keep enough space for terminating NUL character after last newline. If we have too much data, replace last byte with '.'s to make overflow visible. Using hex_dump_to_buffer() is not interesting as it adds more overhead and does not append the trailing linefeed. Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Signed-off-by: Bruno Prémont <bonbons@xxxxxxxxxxxxxxxxx> --- drivers/hid/hid-picolcd_debugfs.c | 14 ++++++++------ 1 files changed, 8 insertions(+), 6 deletions(-) diff --git a/drivers/hid/hid-picolcd_debugfs.c b/drivers/hid/hid-picolcd_debugfs.c index 868853a..c5c2fd9 100644 --- a/drivers/hid/hid-picolcd_debugfs.c +++ b/drivers/hid/hid-picolcd_debugfs.c @@ -381,16 +381,16 @@ static void dump_buff_as_hex(char *dst, size_t dst_sz, const u8 *data, const size_t data_len) { int i, j; - for (i = j = 0; i < data_len && j + 3 < dst_sz; i++) { + for (i = j = 0; i < data_len && j + 4 < dst_sz; i++) { dst[j++] = hex_asc[(data[i] >> 4) & 0x0f]; dst[j++] = hex_asc[data[i] & 0x0f]; dst[j++] = ' '; } - if (j < dst_sz) { - dst[j--] = '\0'; - dst[j] = '\n'; - } else - dst[j] = '\0'; + dst[j] = '\0'; + if (j > 0) + dst[j-1] = '\n'; + if (i < data_len && j > 2) + dst[j-2] = dst[j-3] = '.'; } void picolcd_debug_out_report(struct picolcd_data *data, -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html