Have done some testing. This issue cannot happen due to the protection
in `configfs_write_iter()`:

    len = fill_write_buffer(buffer, from);
    if (len > 0)
        len = flush_write_buffer(file, buffer, len);

Thanks for your patience,
Yiyuan

On Sat, Jul 1, 2023 at 3:48 AM Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Fri, Jun 30, 2023 at 09:13:58PM +0800, yguoaz wrote:
> > This is an underrun issue found by a static analysis tool (under
> > research).
>
> Then you MUST follow our research rules in order to submit patches.
> Please read and follow them, otherwise we have to reject all of your
> submissions.
>
> > I suggest the patch because the code of usb_string_copy()
> > rejects strings with length greater than USB_MAX_STRING_LEN,
> > indicating a possibility for the input string `s` to contain unwanted
> > data (e.g., being empty). For the empty string case, the proposed
> > patch simply copies '\0' in `strcpy(str, s)` without touching index -1
> > of `str`.
> >
> > Whether `strlen(s)` could ever be zero in reality is up to the
> > maintainer's judgement, since I have not worked with the subsystem. So
> > please ignore the patch if it is ensured that `s` must be non-empty.
>
> Test it and see!
>
> good luck,
>
> greg k-h
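
The empty-string case discussed in this thread, as an added user-space C example (not code from the thread or from the kernel): a copy routine that checks the length before looking at index `len - 1`, next to a caller that skips the store for zero-length writes. The names `string_copy_checked` and `model_write`, the value 126 for `MAX_STRING_LEN`, and the canary layout in `main` are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MAX_STRING_LEN 126 /* assumed stand-in for USB_MAX_STRING_LEN */

/* Copy s into dst (capacity MAX_STRING_LEN + 1), dropping one trailing '\n'.
 * The len > 0 test keeps an empty s from touching dst[-1]. */
static int string_copy_checked(const char *s, char *dst)
{
    size_t len = strlen(s);

    if (len > MAX_STRING_LEN)
        return -EOVERFLOW;
    strcpy(dst, s);
    if (len > 0 && dst[len - 1] == '\n')
        dst[len - 1] = '\0';
    return 0;
}

/* Caller in the shape of the quoted write path: the store step runs only
 * when the write carried data. Returns 1 if stored, 0 if skipped, or -errno. */
static int model_write(const char *data, size_t len, char *dst)
{
    char buf[MAX_STRING_LEN + 2];
    int err;

    if (len >= sizeof(buf))
        return -EOVERFLOW;
    memcpy(buf, data, len);
    buf[len] = '\0';
    if (len == 0)
        return 0;
    err = string_copy_checked(buf, dst);
    return err ? err : 1;
}

int main(void)
{
    /* Constructed layout: canary sits directly before the string buffer. */
    struct { char canary; char str[MAX_STRING_LEN + 1]; } slot = { '\n', "" };
    int skipped = model_write("", 0, slot.str);
    int direct = string_copy_checked("", slot.str);

    printf("skipped=%d direct=%d canary_intact=%d\n",
           skipped, direct, slot.canary == '\n');
    return !(skipped == 0 && direct == 0 && slot.canary == '\n');
}
```

The canary byte holds `'\n'` on purpose, so a copy routine without the length check would rewrite it when handed an empty string.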