Re: [PATCH] Cleanup: snprintf() always NUL-terminates: depend on it

[Linus Torvalds]

On Sun, Jan 4, 2015 at 10:05 AM, Giel van Schijndel <me@xxxxxxxxx> wrote:
> Especially since one very strange piece of code seems to be written in
> such a way that a NUL needs to be placed where a NUL is present already.

Actually, it's worse than that. This:

>         len = snprintf(fname, 99, "%s", buf);
> -       fname[len-1] = '\0';

is complete garbage, since the return value of snprintf() is not the
length of the result, but length of what the result *would* have been.

So if the string doesn't fit in 99 bytes, it will actively corrupt
some random memory after the string. It's not writing zero to what was
already zero, it's corrupting memory.

Anyway, from a quick glance your patches look fine, but you need to
sign off on them. See Documentation/SubmittingPatches.

                       Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/