> len = snprintf(fname, 99, "%s", buf);
> - fname[len-1] = '\0';
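
Review bot: once fname[len-1] = '\0' is removed, the context line still assigns snprintf's return value to len and nothing reads it, so a buf that does not fit in 99 bytes is truncated without any indication. Either compare len against the size and handle the truncated name, or drop the assignment altogether. The literal 99 would also be safer as a size derived from fname's declaration, which these lines do not show.
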
Since it appears that's the only time len is actually used in that function can
you please remove the variable len completely as part of the patch?
Return value of snprintf is not bound by size value, 2nd argument.
(https://www.kernel.org/doc/htmldocs/kernel-api/API-snprintf.html).
Return value is number of printed chars, can be larger than 2nd argument.
Therefore, it can write null byte out of bounds of buffer.
Since snprintf puts null, it
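
The return-value behaviour described in the commit message, as an added user-space example (not code from the patch or the kernel): it computes the index the removed line would have written to, and shows a bounded variant that returns the number of characters actually stored. The declaration of fname, the inputs, and the helper names are assumptions; bounded_printf is a stand-in for the kernel's scnprintf().

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define FNAME_SIZE 99                 /* size argument from the quoted hunk */
static char fname[FNAME_SIZE];        /* assumed: real declaration is not on the page */

/* Constructed input: a string of n 'A' characters (n <= 255). */
static const char *make_input(size_t n)
{
    static char in[256];
    if (n > sizeof(in) - 1)
        n = sizeof(in) - 1;
    memset(in, 'A', n);
    in[n] = '\0';
    return in;
}

/* Index the removed line, fname[len-1] = '\0', would have written to. */
static long removed_line_index(char *dst, size_t size, const char *src)
{
    int len = snprintf(dst, size, "%s", src);   /* length wanted, not length stored */
    return (long)len - 1;
}

/* User-space stand-in for the kernel's scnprintf(): returns what was stored. */
static int bounded_printf(char *dst, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0)
        return 0;
    va_start(ap, fmt);
    n = vsnprintf(dst, size, fmt, ap);
    va_end(ap);
    if (n < 0) {                      /* output error: leave an empty string */
        dst[0] = '\0';
        return 0;
    }
    return (size_t)n >= size ? (int)(size - 1) : n;
}

int main(void)
{
    printf("long input : index %ld, last valid index %d\n",
           removed_line_index(fname, FNAME_SIZE, make_input(120)), FNAME_SIZE - 1);
    printf("empty input: index %ld\n", removed_line_index(fname, FNAME_SIZE, ""));
    printf("stored     : %d\n", bounded_printf(fname, FNAME_SIZE, "%s", make_input(120)));
    return 0;
}
```

The empty-input case shows that the removed line was out of bounds in both directions: index -1 when nothing is printed, and an index past the end when the input is truncated.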