Following patch fixes calling vsnprintf with (NULL, 0) to get the length of the string. The problem is that the end ptr is set to 0xFFFFFFFF in this case, causing a write into address 0 as start < end. Cheers, Rusty. -- Premature optmztion is rt of all evl. --DK --- working-pmac-module/lib/vsprintf.c.~1~ Mon Sep 17 08:53:56 2001 +++ working-pmac-module/lib/vsprintf.c Thu Sep 20 21:26:05 2001 @@ -246,6 +246,8 @@ /* 'z' support added 23/7/1999 S.H. */ /* 'z' changed to 'Z' --davidm 1/25/99 */ + /* buf = NULL, size = 0 is common for getting length */ + if (size == 0) buf = (void *)1; str = buf; end = buf + size - 1; To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/