0a6047eef1
The recent vsnprintf() fix introduced an off-by-one, and it's now possible to overrun the target buffer by one byte. The "end" pointer points to past the end of the buffer, so if we have to truncate the result, it needs to be done though "end[-1]". [ This is just an alternate and simpler patch to one proposed by Andrew and Jeremy, who actually noticed the problem ] Acked-by: Andrew Morton <akpm@osdl.org> Acked-by: Jeremy Fitzhardinge <jeremy@goop.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> |
||
---|---|---|
.. | ||
reed_solomon | ||
zlib_deflate | ||
zlib_inflate | ||
.gitignore | ||
bitmap.c | ||
bust_spinlocks.c | ||
cmdline.c | ||
cpumask.c | ||
crc-ccitt.c | ||
crc16.c | ||
crc32.c | ||
crc32defs.h | ||
ctype.c | ||
dec_and_lock.c | ||
div64.c | ||
dump_stack.c | ||
errno.c | ||
extable.c | ||
find_next_bit.c | ||
gen_crc32table.c | ||
genalloc.c | ||
halfmd4.c | ||
hweight.c | ||
idr.c | ||
inflate.c | ||
int_sqrt.c | ||
iomap.c | ||
iomap_copy.c | ||
Kconfig | ||
Kconfig.debug | ||
kernel_lock.c | ||
klist.c | ||
kobject.c | ||
kobject_uevent.c | ||
kref.c | ||
libcrc32c.c | ||
Makefile | ||
parser.c | ||
percpu_counter.c | ||
plist.c | ||
prio_tree.c | ||
radix-tree.c | ||
rbtree.c | ||
rwsem-spinlock.c | ||
rwsem.c | ||
semaphore-sleepers.c | ||
sha1.c | ||
smp_processor_id.c | ||
sort.c | ||
spinlock_debug.c | ||
string.c | ||
swiotlb.c | ||
textsearch.c | ||
ts_bm.c | ||
ts_fsm.c | ||
ts_kmp.c | ||
vsprintf.c |