On Thu, Jun 03, 2021 at 10:56:57PM +0100, Colin King wrote:
> From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
>
> The comparison of len < 0 is always false because len is a size_t. Fix
> this by making len a ssize_t instead.
>
> Addresses-Coverity: ("Unsigned compared against 0")
> Fixes: d395381909a3 ("netdevsim: Add max_vfs to bus_dev")
> Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> ---
> drivers/net/netdevsim/bus.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/net/netdevsim/bus.c b/drivers/net/netdevsim/bus.c
> index b56003dfe3cc..ccec29970d5b 100644
> --- a/drivers/net/netdevsim/bus.c
> +++ b/drivers/net/netdevsim/bus.c
> @@ -111,7 +111,7 @@ ssize_t nsim_bus_dev_max_vfs_read(struct file *file,
> {
> struct nsim_bus_dev *nsim_bus_dev = file->private_data;
> char buf[11];
> - size_t len;
> + ssize_t len;
>
> len = snprintf(buf, sizeof(buf), "%u\n", nsim_bus_dev->max_vfs);
> if (len < 0)
The snprintf() in the kernel can't return negatives, but if there isn't
enough space then it returns >= sizeof(buf) so this would lead to an
information leak. So the right thing to do is change it to scnprintf()
and delete the check if (len < 0) check.
regards,
dan carpenter
