Thanks good patch. > -----Original Message----- > From: Ameya Palande [mailto:[email protected]] > Sent: Tuesday, July 07, 2009 10:02 AM > To: [email protected] > Cc: Guzman Lugo, Fernando; Kanigeri, Hari; [email protected] > Subject: [PATCHv2 2/4] DSPBRIDGE: Heuristic fixes of strlen/malloc out by > one > > From: Phil Carmody <[email protected]> > > I say 'heuristic', as I can't prove they're wrong, they just look > wrong, and for that reason should be given extra close scrutiny. > These are basically just the old malloc-one-more-than-strlen. > > Signed-off-by: Phil Carmody <[email protected]> > --- > drivers/dsp/bridge/pmgr/wcd.c | 11 ++++++----- > 1 files changed, 6 insertions(+), 5 deletions(-) > > diff --git a/drivers/dsp/bridge/pmgr/wcd.c b/drivers/dsp/bridge/pmgr/wcd.c > index aaf3019..563a1d8 100644 > --- a/drivers/dsp/bridge/pmgr/wcd.c > +++ b/drivers/dsp/bridge/pmgr/wcd.c > @@ -532,8 +532,9 @@ u32 MGRWRAP_RegisterObject(union Trapped_Args *args) > cp_fm_usr(&pUuid, args->ARGS_MGR_REGISTEROBJECT.pUuid, status, 1); > if (DSP_FAILED(status)) > goto func_end; > + /* pathSize is increased by 1 to accommodate NULL */ > pathSize = strlen_user((char *) > - args->ARGS_MGR_REGISTEROBJECT.pszPathName); > + args->ARGS_MGR_REGISTEROBJECT.pszPathName) + 1; > pszPathName = MEM_Alloc(pathSize, MEM_NONPAGED); > if (!pszPathName) > goto func_end; > @@ -544,7 +545,6 @@ u32 MGRWRAP_RegisterObject(union Trapped_Args *args) > status = DSP_EPOINTER; > goto func_end; > } > - pszPathName[pathSize] = '\0'; > > GT_1trace(WCD_debugMask, GT_ENTER, > "MGRWRAP_RegisterObject: entered pg2hMsg " > @@ -904,7 +904,8 @@ u32 PROCWRAP_Load(union Trapped_Args *args) > if (argv[i] != NULL) { > /* User space pointer to argument */ > temp = (char *) argv[i]; > - len = strlen_user((char *)temp); > + /* len is increased by 1 to accommodate NULL */ > + len = strlen_user((char *)temp) + 1; > /* Kernel space pointer to argument */ > argv[i] = MEM_Alloc(len, MEM_NONPAGED); > if (argv[i] == NULL) { > @@ -914,7 +915,6 @@ u32 PROCWRAP_Load(union Trapped_Args *args) > cp_fm_usr(argv[i], temp, status, len); > if (DSP_FAILED(status)) > goto func_cont; > - > } > } > /* TODO: validate this */ > @@ -937,7 +937,8 @@ u32 PROCWRAP_Load(union Trapped_Args *args) > for (i = 0; DSP_SUCCEEDED(status) && (envp[i] != NULL); i++) { > /* User space pointer to argument */ > temp = (char *)envp[i]; > - len = strlen_user((char *)temp); > + /* len is increased by 1 to accommodate NULL */ > + len = strlen_user((char *)temp) + 1; > /* Kernel space pointer to argument */ > envp[i] = MEM_Alloc(len, MEM_NONPAGED); > if (envp[i] == NULL) { > -- > 1.6.2.4 >
Acked-by Fernando Guzman Lugo <[email protected]> -- To unsubscribe from this list: send the line "unsubscribe linux-omap" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
