On Mon, Jan 05, 2009 at 11:18:38PM +0100, Geert Uytterhoeven wrote: > On Mon, 5 Jan 2009, Geert Uytterhoeven wrote: > > On Mon, 5 Jan 2009, Stephen Rothwell wrote: > > | strncat(buf, "\n", DM_NAME_LEN); > > | return strnlen(buf, DM_NAME_LEN); > > Probably the intention was to limit the string in _buf_ (not the source string > > "\n") to DM_NAME_LEN? If yes, this may cause a buffer overflow. Both the 'n's look bogus to me as runtime checks. But I think the code happens to work correctly - apart from your compilation problem. buf is always a page and both strings (name and uuid) are NULL-terminated and the longest possible is 128 chars of uuid plus the "\n" i.e. 130 (except for a bug I noticed on one code path which we'll fix). Alasdair -- agk@xxxxxxxxxx -- To unsubscribe from this list: send the line "unsubscribe linux-next" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
