I have a question about the function parsed for reading a procfs entry.
I've used the skeleton from drivers/char/misc.c, and all works
perfectly, but I see a potential flaw.
static int misc_read_proc(char *buf, char **start, off_t offset,
int len, int *eof, void *private)
{
.
.
written=0;
for (p = misc_list.next; p != &misc_list && written < len;
p = p->next) {
written += sprintf(buf+written, "%3i %s\n",p->minor,
p->name ?: "");
if (written < offset) {
offset -= written;
written = 0;
}
}
.
.
As I see it, there is a possibility to write beyond buf+len.
(if len<5)
If so is it ok, or should this be avoided at all cost?
TIA
Anders Fugmann
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/