[PATCH] ubifs: fix snprintf() length check

Dan Carpenter dan.carpenter at oracle.com
Tue Nov 9 03:50:51 PST 2021


The snprintf() function returns the number of bytes (not including the
NUL terminator) which would have been printed if there were enough
space.  So it can be greater than UBIFS_DFS_DIR_LEN.  And actually if
it equals UBIFS_DFS_DIR_LEN then that's okay so this check is too
strict.

Fixes: 9a620291fc01 ("ubifs: Export filesystem error counters")
Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
---
 fs/ubifs/sysfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ubifs/sysfs.c b/fs/ubifs/sysfs.c
index 0eb3d7d12450..7acc5a74e5fa 100644
--- a/fs/ubifs/sysfs.c
+++ b/fs/ubifs/sysfs.c
@@ -100,7 +100,7 @@ int ubifs_sysfs_register(struct ubifs_info *c)
 	n = snprintf(dfs_dir_name, UBIFS_DFS_DIR_LEN + 1, UBIFS_DFS_DIR_NAME,
 		     c->vi.ubi_num, c->vi.vol_id);
 
-	if (n == UBIFS_DFS_DIR_LEN) {
+	if (n > UBIFS_DFS_DIR_LEN) {
 		/* The array size is too small */
 		ret = -EINVAL;
 		goto out_free;
-- 
2.20.1




More information about the linux-mtd mailing list