From: Alexander Nyberg <alexn@dsv.su.se>

count is a size_t, so a negative return value from fill_write_buffer() is
stored as a large positive number, which passes the 'count > 0' checks and
does bad things.

found by the Coverity tool

Signed-off-by: Alexander Nyberg <alexn@dsv.su.se>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 25-akpm/fs/sysfs/file.c |   13 +++++++------
 1 files changed, 7 insertions(+), 6 deletions(-)

diff -puN fs/sysfs/file.c~sysfs-signedness-problem fs/sysfs/file.c
--- 25/fs/sysfs/file.c~sysfs-signedness-problem	2005-02-28 15:37:48.000000000 -0800
+++ 25-akpm/fs/sysfs/file.c	2005-02-28 15:37:48.000000000 -0800
@@ -231,15 +231,16 @@ static ssize_t
 sysfs_write_file(struct file *file, const char __user *buf, size_t count, loff_t *ppos)
 {
 	struct sysfs_buffer * buffer = file->private_data;
+	ssize_t len;
 
 	down(&buffer->sem);
-	count = fill_write_buffer(buffer,buf,count);
-	if (count > 0)
-		count = flush_write_buffer(file->f_dentry,buffer,count);
-	if (count > 0)
-		*ppos += count;
+	len = fill_write_buffer(buffer, buf, count);
+	if (len > 0)
+		len = flush_write_buffer(file->f_dentry, buffer, len);
+	if (len > 0)
+		*ppos += len;
 	up(&buffer->sem);
-	return count;
+	return len;
 }
 
 static int check_perm(struct inode * inode, struct file * file)
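Review bot: Nothing at the new `ssize_t len;` declaration in sysfs_write_file() records why the result is kept out of `count`, so a later cleanup could fold the two variables together again and bring the signedness bug back. A one-line comment would pin the invariant, e.g. `/* signed: fill_write_buffer() can return a negative errno; never store it in size_t count */`. The prototypes of fill_write_buffer() and flush_write_buffer() are outside this hunk, so it is worth confirming that flush_write_buffer() takes an unsigned length; if it does, the `len > 0` guard is what makes the implicit conversion of `len` safe, and the comment could say so.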
_