projects / GitHub / LineageOS / G12 / android_kernel_amlogic_linux-4.9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0a5c33e)
NFSD: Correct the size calculation in fault_inject_write
authorBryan Schumaker <bjschuma@netapp.com>
Fri, 7 Dec 2012 21:17:29 +0000 (16:17 -0500)
committerJ. Bruce Fields <bfields@redhat.com>
Mon, 10 Dec 2012 23:24:22 +0000 (18:24 -0500)
If len == 0 we end up with size = (0 - 1), which could cause bad things
to happen in copy_from_user().

Signed-off-by: Bryan Schumaker <bjschuma@netapp.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
fs/nfsd/fault_inject.c patch | blob | blame | history

diff --git a/fs/nfsd/fault_inject.c b/fs/nfsd/fault_inject.c
index 7a7b079fbdb185530712bdb811289533d358d649..e761ee95617fda7d1a388a4da38fec6712ae6a0c 100644 (file)
--- a/fs/nfsd/fault_inject.c
+++ b/fs/nfsd/fault_inject.c
@@ -122,7 +122,7 @@ static ssize_t fault_inject_write(struct file *file, const char __user *buf,
                                  size_t len, loff_t *ppos)
 {
        char write_buf[INET6_ADDRSTRLEN];
-       size_t size = min(sizeof(write_buf), len) - 1;
+       size_t size = min(sizeof(write_buf) - 1, len);
        struct net *net = current->nsproxy->net_ns;
        struct sockaddr_storage sa;
        u64 val;