Following patch fixes calling vsnprintf with (NULL, 0) to get the
length of the string.  The problem is that the end ptr is set to
0xFFFFFFFF in this case, causing a write into address 0 as start <
end.

Cheers,
Rusty. 
--
Premature optmztion is rt of all evl. --DK

--- working-pmac-module/lib/vsprintf.c.~1~	Mon Sep 17 08:53:56 2001
+++ working-pmac-module/lib/vsprintf.c	Thu Sep 20 21:26:05 2001
@@ -246,6 +246,8 @@
 				/* 'z' support added 23/7/1999 S.H.    */
 				/* 'z' changed to 'Z' --davidm 1/25/99 */
 
+	/* buf = NULL, size = 0 is common for getting length */
+	if (size == 0) buf = (void *)1;
 	str = buf;
 	end = buf + size - 1;

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/