On Wed, Sep 10, 2003 at 07:03:15PM +0400, Sergey Vlasov wrote:
> On Fri, 5 Sep 2003 17:16:35 -0700
> Greg KH <[EMAIL PROTECTED]> wrote:
>
> > ChangeSet 1.1119.3.8, 2003/09/05 15:47:25-07:00, [EMAIL PROTECTED]
> >
> > [PATCH] USB: fix copy_to_user call in mdc800 driver
> >
> >
> > drivers/usb/mdc800.c | 3 ++-
> > 1 files changed, 2 insertions(+), 1 deletion(-)
> >
> >
> > diff -Nru a/drivers/usb/mdc800.c b/drivers/usb/mdc800.c
> > --- a/drivers/usb/mdc800.c Fri Sep 5 17:10:44 2003
> > +++ b/drivers/usb/mdc800.c Fri Sep 5 17:10:44 2003
> > @@ -726,7 +726,8 @@
> > else
> > {
> > /* memcpy Bytes */
> > - copy_to_user(ptr, &mdc800->out [mdc800->out_ptr], sts);
> > + if (copy_to_user(ptr, &mdc800->out [mdc800->out_ptr], sts))
> > + return -EFAULT;
> > ptr+=sts;
> > left-=sts;
> > mdc800->out_ptr+=sts;
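Review bot: The added `return -EFAULT;` on the copy_to_user failure path leaves the function directly from inside this else branch, so whatever cleanup the normal exit performs is skipped. As the reply to this patch points out, that includes up(&mdc800->io_lock), so a faulting user buffer would leave the semaphore held and block every later caller that takes it. Release io_lock before returning here, or record the error and go through a single exit path that does the up() for both the success and the failure case.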
>
> This fix introduces a bug - return without up(&mdc800->io_lock).

Thanks for finding this, I'll fix this one, and the other mentioned file
up in my next round of patches.

greg k-h