From 52a4be2cc93d106c028a3a08b779f37f89482ebb Mon Sep 17 00:00:00 2001 From: Mike Waychison Date: Thu, 25 Aug 2011 09:47:38 +1000 Subject: [PATCH] Currently in oprofilefs, files that use ulong_fops mis-handle writes of zero length. A count of 0 causes oprofilefs_ulong_from_user to return 0 (success), which then leads to oprofile_set_ulong being called to stuff "value" into file->private_data without it being initialized. Fix this by moving the check for a zero-length write up into ulong_write_file. Signed-off-by: Mike Waychison Cc: Robert Richter Signed-off-by: Andrew Morton --- drivers/oprofile/oprofilefs.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/oprofile/oprofilefs.c b/drivers/oprofile/oprofilefs.c index d0de6cc2d7a5..87506ecdd942 100644 --- a/drivers/oprofile/oprofilefs.c +++ b/drivers/oprofile/oprofilefs.c @@ -65,9 +65,6 @@ int oprofilefs_ulong_from_user(unsigned long *val, char const __user *buf, size_ char tmpbuf[TMPBUFSIZE]; unsigned long flags; - if (!count) - return 0; - if (count > TMPBUFSIZE - 1) return -EINVAL; @@ -97,6 +94,8 @@ static ssize_t ulong_write_file(struct file *file, char const __user *buf, size_ if (*offset) return -EINVAL; + if (count == 0) + return 0; retval = oprofilefs_ulong_from_user(&value, buf, count); if (retval) -- 2.39.5