When copying data to user, it needs to determine the copy length. It is easier to understand using min() here.
Signed-off-by: Li Zetao <lizetao1@xxxxxxxxxx>
---
 net/atm/addr.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/atm/addr.c b/net/atm/addr.c
index 0530b63f509a..6c4c942b2cb9 100644
--- a/net/atm/addr.c
+++ b/net/atm/addr.c
@@ -136,7 +136,7 @@ int atm_get_addr(struct atm_dev *dev, struct sockaddr_atmsvc __user * buf,
 unsigned long flags;
 struct atm_dev_addr *this;
 struct list_head *head;
- int total = 0, error;
+ size_t total = 0, error;
 struct sockaddr_atmsvc *tmp_buf, *tmp_bufp;
 spin_lock_irqsave(&dev->lock, flags);
@@ -155,7 +155,7 @@ int atm_get_addr(struct atm_dev *dev, struct sockaddr_atmsvc __user * buf,
 memcpy(tmp_bufp++, &this->addr, sizeof(struct sockaddr_atmsvc));
 spin_unlock_irqrestore(&dev->lock, flags);
 error = total > size ? -E2BIG : total;
- if (copy_to_user(buf, tmp_buf, total < size ? total : size))
+ if (copy_to_user(buf, tmp_buf, min(total, size)))
 error = -EFAULT;
 kfree(tmp_buf);
 return error;
-- 
2.34.1
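Review bot: In the first hunk the declaration change also makes `error` a `size_t`, although the second hunk stores `-E2BIG` and `-EFAULT` in it and returns it from a function declared `int`. Only `total` needs the unsigned type so that `min(total, size)` type-checks against `size` (presumably a `size_t` parameter, declared outside the hunks). Splitting the declaration into `size_t total = 0;` and `int error;` keeps the errno values in a signed variable, instead of relying on an unsigned-to-int conversion at `return error;` to turn them negative again. The copy length itself is unchanged by `min()`, but whether `tmp_buf` was allocated with at least `total` bytes cannot be confirmed here, because the allocation and the start and end of atm_get_addr lie outside both hunks.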