From: Colin Ian King <colin.king@xxxxxxxxxxxxx> Reading and writing to mode[count - 1] implies the count should not be less than 1 so add a sanity check for this. Detected with CoverityScan, CID#1357345 ("Overflowed array index write") Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx> --- drivers/scsi/fcoe/fcoe_sysfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/fcoe/fcoe_sysfs.c b/drivers/scsi/fcoe/fcoe_sysfs.c index 9cf3d56296ab..e298240c728c 100644 --- a/drivers/scsi/fcoe/fcoe_sysfs.c +++ b/drivers/scsi/fcoe/fcoe_sysfs.c @@ -288,7 +288,7 @@ static ssize_t store_ctlr_mode(struct device *dev, struct fcoe_ctlr_device *ctlr = dev_to_ctlr(dev); char mode[FCOE_MAX_MODENAME_LEN + 1]; - if (count > FCOE_MAX_MODENAME_LEN) + if (count < 1 || count > FCOE_MAX_MODENAME_LEN) return -EINVAL; strncpy(mode, buf, count); -- 2.11.0 -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html