Re: [PATCH] RDMA/ocrdma: Fix an off-by-one issue in 'ocrdma_add_stat'
From: Jason Gunthorpe
Date: Thu Apr 16 2020 - 14:48:02 EST
On Thu, Apr 16, 2020 at 04:08:47PM +0300, Dan Carpenter wrote:
> On Tue, Apr 14, 2020 at 03:34:41PM -0300, Jason Gunthorpe wrote:
> > The memcpy is still kind of silly right? What about this:
> >
> > static int ocrdma_add_stat(char *start, char *pcur, char *name, u64 count)
> > {
> > size_t len = (start + OCRDMA_MAX_DBGFS_MEM) - pcur;
> > int cpy_len;
> >
> > cpy_len = snprintf(pcur, len, "%s: %llu\n", name, count);
> > if (cpy_len >= len || cpy_len < 0) {
>
> The kernel version of snprintf() doesn't and will never return
> negatives. It would cause a huge security headache if it started
> returning negatives.
Begs the question why it returns an int then :)
Thanks,
Jason