On Fri, Jun 30, 2023 at 07:04:01PM +0800, Yiyuan Guo wrote:
> In usb_string_copy(), when `strlen(s) == 0`, `str[ret - 1]` accesses at
> index -1. Add a check to prevent buffer overrun when `s` is empty.

It's an underrun, right?

And how can strlen(s) ever be 0 here?  How did you test this and how did
you trigger it?

And what commit id does this fix?  And how was this found?

thanks,

greg k-h
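
The access pattern named in the quoted commit message, as an added user-space model that is not part of this thread and is not the kernel's code. The function names, the 126-byte limit and the assumption that `str[ret - 1]` is read in order to strip a trailing newline are all assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

#define MAX_STRING_LEN 126 /* assumed limit for this model */

/*
 * Hypothetical user-space model, not the kernel's usb_string_copy().
 * Copies s into dst (capacity MAX_STRING_LEN + 1) and strips one
 * trailing newline. Returns 0 on success, -1 if s is too long.
 */
int copy_strip_newline(const char *s, char *dst)
{
    size_t len = strlen(s);

    if (len > MAX_STRING_LEN)
        return -1;
    memcpy(dst, s, len + 1); /* includes the terminating NUL */

    /*
     * Without the len > 0 test, an empty s makes the index len - 1
     * fall below the start of the buffer (index -1 in the commit
     * message's terms); that byte would be zeroed if it held '\n'.
     */
    if (len > 0 && dst[len - 1] == '\n')
        dst[len - 1] = '\0';
    return 0;
}

/*
 * Constructed check: a '\n' canary sits directly before the buffer.
 * Returns 1 if an empty input leaves the canary untouched.
 */
int empty_input_keeps_canary(void)
{
    struct {
        char canary;
        char buf[MAX_STRING_LEN + 1];
    } region;

    region.canary = '\n';
    memset(region.buf, 'x', sizeof(region.buf));
    if (copy_strip_newline("", region.buf) != 0)
        return 0;
    return region.canary == '\n' && region.buf[0] == '\0';
}
```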