From a95898114059e1038f3f7ee9bd2e43aefa62709a Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Thu, 12 Aug 2010 09:50:09 +0200 Subject: serial: mfd: snprintf() returns largish values snprintf() returns the number of bytes which would have been written so it can be larger than the size of the buffer. In this case it's fine, but people copy and paste this code so I've fixed it. Signed-off-by: Dan Carpenter Acked-by: Feng Tang Signed-off-by: Greg Kroah-Hartman --- drivers/serial/mfd.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'drivers/serial/mfd.c') diff --git a/drivers/serial/mfd.c b/drivers/serial/mfd.c index 5dff45c76d32..ad35130cd8a0 100644 --- a/drivers/serial/mfd.c +++ b/drivers/serial/mfd.c @@ -172,6 +172,9 @@ static ssize_t port_show_regs(struct file *file, char __user *user_buf, len += snprintf(buf + len, HSU_REGS_BUFSIZE - len, "DIV: \t\t0x%08x\n", serial_in(up, UART_DIV)); + if (len > HSU_REGS_BUFSIZE) + len = HSU_REGS_BUFSIZE; + ret = simple_read_from_buffer(user_buf, count, ppos, buf, len); kfree(buf); return ret; @@ -219,6 +222,9 @@ static ssize_t dma_show_regs(struct file *file, char __user *user_buf, len += snprintf(buf + len, HSU_REGS_BUFSIZE - len, "D0TSR: \t\t0x%08x\n", chan_readl(chan, HSU_CH_D3TSR)); + if (len > HSU_REGS_BUFSIZE) + len = HSU_REGS_BUFSIZE; + ret = simple_read_from_buffer(user_buf, count, ppos, buf, len); kfree(buf); return ret; -- cgit v1.2.1