sparc: led: avoid trimming a newline from empty writes

led_proc_write() duplicates up to LED_MAX_LENGTH bytes with
memdup_user_nul() and then unconditionally inspects buf[count - 1] to
strip a trailing newline. A zero-length write therefore reads one byte
before the duplicated buffer.

The previous version rejected empty writes, but empty input already falls
through to the existing default case and turns the LED off like any other
unrecognized string. Preserve that behavior and only skip the newline
trim when there is no input byte to inspect.

Fixes: ee1858d3122d ("[SPARC]: Add sun4m LED driver.")
Suggested-by: Andreas Larsson <andreas@gaisler.com>
Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn>
Signed-off-by: Andreas Larsson <andreas@gaisler.com>

diff --git a/arch/sparc/kernel/led.c b/arch/sparc/kernel/led.c
index f4fb82b019bb93fb496345eda61a2ed7e421595e..9b53ac1fe533df6055b8c5d4e45a06493c2162d1 100644 (file)
--- a/arch/sparc/kernel/led.c
+++ b/arch/sparc/kernel/led.c
@@ -78,7 +78,7 @@ static ssize_t led_proc_write(struct file *file, const char __user *buffer,
                return PTR_ERR(buf);
 
        /* work around \n when echo'ing into proc */
-       if (buf[count - 1] == '\n')
+       if (count > 0 && buf[count - 1] == '\n')
                buf[count - 1] = '\0';
 
        /* before we change anything we want to stop any running timers,