Hello! On Oct 22, 2014, at 6:32 AM, Dan Carpenter wrote: I am not sure what if statement do you mean? If it's the "if ((strncmp(name, XATTR_TRUSTED_PREFIX," one then size of 0 does seem to be incorrect: struct lov_user_md *lump = (struct lov_user_md *)value; // (I hope this is not a user pointer?) … if (lump != NULL && lump->lmm_stripe_offset == 0) lump->lmm_stripe_offset = -1; // So, if lump is 0, we are already accessing past allowed range … int lum_size = (lump->lmm_magic == LOV_USER_MAGIC_V1) ? and again… Bye, Oleg