> the array buf[] is actually buf[count], so if count < 64 then
> sizeof(buf) < sizeof(in) and you're copying whatever is after buf on
> the stack or wherever it comes from. The amount you copy into in[]
> truly has to be the smaller of count and sizeof(in). These are file
> operations, so you shouldn't rely on buf[] being null terminated
> (kernfs ensures it is, but it's a dangerous thing to rely on in the
> face of someone trying to exploit a stack smashing attack).

Should we send patchv3, which is back to v1, or should we directly use patchv1 to continue the review? Thanks!
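
The bounded copy the quoted review asks for, as an added user-space example that is not part of the original thread or of the patch under review. `bounded_store_copy`, `IN_SIZE` (taken from the "count < 64" remark) and the sample inputs are hypothetical, and reserving one byte of in[] for an explicit terminator is an assumption of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IN_SIZE 64  /* assumed size of in[], inferred from "count < 64" */

/* Hypothetical helper: copy at most in_size - 1 bytes out of a buffer that
 * holds exactly `count` bytes, then terminate in[] ourselves so nothing
 * depends on buf[] being NUL terminated. Returns the bytes copied. */
static size_t bounded_store_copy(char *in, size_t in_size,
                                 const char *buf, size_t count)
{
    size_t n;

    if (in_size == 0)
        return 0;
    n = count < in_size - 1 ? count : in_size - 1;
    memcpy(in, buf, n);          /* never reads past buf[count - 1] */
    in[n] = '\0';
    return n;
}

/* Constructed input: 5 bytes of data followed by 'X' bytes standing in for
 * whatever lies after buf[] in memory. Returns 1 if none of them leak. */
static int short_write_is_contained(void)
{
    char backing[128], in[IN_SIZE];
    size_t n;

    memset(backing, 'X', sizeof(backing));
    memcpy(backing, "on 1\n", 5);            /* count = 5, no terminator */
    n = bounded_store_copy(in, sizeof(in), backing, 5);
    return n == 5 && strcmp(in, "on 1\n") == 0 && strchr(in, 'X') == NULL;
}

/* Constructed input: count > sizeof(in) is truncated, not written past in[]. */
static int long_write_is_truncated(void)
{
    char big[200], in[IN_SIZE];
    size_t n;

    memset(big, 'A', sizeof(big));
    n = bounded_store_copy(in, sizeof(in), big, sizeof(big));
    return n == IN_SIZE - 1 && strlen(in) == IN_SIZE - 1;
}

int main(void)
{
    printf("%d %d\n", short_write_is_contained(), long_write_is_truncated());
    return 0;
}
```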