caif: handle snprintf() return
authorDan Carpenter <error27@gmail.com>
Sun, 25 Jul 2010 21:23:59 +0000 (21:23 +0000)
committerDavid S. Miller <davem@davemloft.net>
Tue, 27 Jul 2010 04:05:03 +0000 (21:05 -0700)
snprintf() returns the number of bytes that would have been written.  It
can be larger than the size of the buffer.  The current code won't
overflow, but people cut and paste this stuff so lets do it right and
also make the static checkers happy.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/net/caif/caif_spi.c

index 6c948037fc78af607eb64c0a40fae04d60cd5d78..f5058ff2b210da07dd1411bdd8a12f1dafe9ddb2 100644 (file)
@@ -165,6 +165,9 @@ static ssize_t dbgfs_state(struct file *file, char __user *user_buf,
        len += snprintf((buf + len), (DEBUGFS_BUF_SIZE - len),
                        "Next RX len: %d\n", cfspi->rx_npck_len);
 
+       if (len > DEBUGFS_BUF_SIZE)
+               len = DEBUGFS_BUF_SIZE;
+
        size = simple_read_from_buffer(user_buf, count, ppos, buf, len);
        kfree(buf);