In yaffs_proc_write
static int yaffs_proc_write(struct file *file, const char *buf,
			    unsigned long count, void *data)
{
	...
	mask_bitfield = simple_strtoul(buf + pos, &end, 0);
	if (end > buf + pos) {
		mask_name = "numeral";
		len = end - (buf + pos);
		pos += len;
		done = 0;
	} else {
		...
	}
simple_strtoul may cause end >= buf + count.
I think we may need another length-checking version of simple_strtoul,
which is like nstrcpy vs. strcpy.
--
Regards, neversetsun
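
The following is an added example, not part of the original message and not yaffs or kernel code: a userspace sketch of a length-checked parser of the kind the message asks for, where the end pointer can never pass buf + count. The name strntoul_bounded and its signature are hypothetical, and the sample input is constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
/* Hypothetical helper (not a kernel API): parse an unsigned long from at
 * most `count` bytes of `buf`, auto-detecting the base from a 0x / 0 prefix.
 * No byte at or beyond buf + count is read; *end stays in [buf, buf + count]. */
static unsigned long strntoul_bounded(const char *buf, size_t count,
				      const char **end)
{
	const char *p = buf, *limit = buf + count;
	unsigned long val = 0;
	unsigned int base = 10;
	if (p < limit && *p == '0') {
		base = 8;
		p++;			/* the leading 0 is itself a digit */
		if (limit - p >= 2 && (p[0] == 'x' || p[0] == 'X') &&
		    isxdigit((unsigned char)p[1])) {
			base = 16;	/* only if a hex digit fits in bounds */
			p++;
		}
	}
	while (p < limit) {		/* bound checked before every read */
		unsigned char c = (unsigned char)*p;
		unsigned int d;
		if (isdigit(c))
			d = c - '0';
		else if (isxdigit(c))
			d = tolower(c) - 'a' + 10;
		else
			break;
		if (d >= base)
			break;
		val = val * base + d;	/* overflow wraps silently in this sketch */
		p++;
	}
	*end = p;
	return val;
}
int main(void)
{
	/* Constructed input: digits continue past the 4 bytes "written". */
	const char raw[] = "0x1f99";
	const char *end;
	unsigned long v = strntoul_bounded(raw, 4, &end);
	printf("value=%lu consumed=%d of 4\n", v, (int)(end - raw));
	return 0;
}
```

With a parser of this shape, the `end > buf + pos` test in the quoted code keeps its meaning, and `pos` cannot advance past `count`.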