off by one in sysfs

From: Jon Smirl
Date: Sat Jun 11 2005 - 22:01:52 EST

Next message: cutaway: "Re: [PATCH] local_irq_disable removal"
Previous message: Gene Heskett: "Re: [patch] Real-Time Preemption, -RT-2.6.12-rc6-V0.7.48-00"
Next in thread: Jon Smirl: "Re: off by one in sysfs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

sysfs/file.c

static int
fill_write_buffer(struct sysfs_buffer * buffer, const char __user *
buf, size_t count)
{
int error;

if (!buffer->page)
buffer->page = (char *)get_zeroed_page(GFP_KERNEL);
if (!buffer->page)
return -ENOMEM;

if (count >= PAGE_SIZE)
count = PAGE_SIZE - 1;
error = copy_from_user(buffer->page,buf,count);
buffer->needs_read_fill = 1;
return error ? -EFAULT : count;
}

count = PAGE_SIZE - 1;
should be
count = PAGE_SIZE;

Even if your are trying to zero terminate which is unneeded when there
is a count, the count still needs to include the zero otherwise it is
inconsistent when count is less than PAGE_SIZE. Why get a zero page
too?

My attribute is a color_map described by 255 lines of 15 chars plus \n.

--
Jon Smirl
jonsmirl@xxxxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: cutaway: "Re: [PATCH] local_irq_disable removal"
Previous message: Gene Heskett: "Re: [patch] Real-Time Preemption, -RT-2.6.12-rc6-V0.7.48-00"
Next in thread: Jon Smirl: "Re: off by one in sysfs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]