OOps I just see now the usage of port->bulk_out_size that of course is limited to 64 bytes in this case...
Sorry for the noise. Alain Line 377: count = pl2303_buf_get(priv->buf, port->write_urb->transfer_buffer, port->bulk_out_size); -----Message d'origine----- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Alain Degreffe Envoyé : mardi 31 juillet 2007 7:13 À : 'Greg KH' Cc : linux-usb-devel@lists.sourceforge.net Objet : Re: [linux-usb-devel] usb-serial.c question - potential Memory fault Well I try to follow pl2303 wMaxPacketSize 0x0040 1x 64 bytes is the size retuned by the endpoint (I just plug my own pl2303 to check the value) line / code 330 priv->buf = pl2303_buf_alloc(PL2303_BUF_SIZE); where PL2303_BUF_SIZE = 1024 ! 377 count = pl2303_buf_get(priv->buf, port->write_urb->transfer_buffer, <--- here port->write_urb->transfer_buffer size = wMaxPacketSize 378 port->bulk_out_size); 379 278 static unsigned int pl2303_buf_get(struct pl2303_buf *pb, char *buf, 279 unsigned int count) { 286 len = pl2303_buf_data_avail(pb); 293 len = pb->buf_buf + pb->buf_size - pb->buf_get; 295 memcpy(buf, pb->buf_get, len); <----------- here len is nerver bigger than 64 ????? Alain -----Message d'origine----- De : Greg KH [mailto:[EMAIL PROTECTED] Envoyé : mardi 31 juillet 2007 1:05 À : [EMAIL PROTECTED] Cc : linux-usb-devel@lists.sourceforge.net Objet : Re: usb-serial.c question - potential Memory fault On Mon, Jul 30, 2007 at 07:04:51AM +0200, [EMAIL PROTECTED] wrote: > Hi Greg, > > > > After a new complete reading of my code against usb-serial.c, I finally > found ( I hope ) my problem. > > In usb-serial.c, when bulk_in/out buffers are initialized, each buffer size > are the same as the wMaxPacketSize given by the endpoint. > > So, in my case, my device have a value of 64 bytes and I send and receive > bulk data that might have 256 bytes length !!! And like pl2303, I just copy > the user data to port->write_urb->transfer_buffer. Hm, you need to not send more data than your buffer can hold, that is a very simple check you need to always make. > For all driver that use usb-serial for the probe function, this can be a > problem (like for me). I have checked for example the pl2303 that never > check this value before the memcpy. Where do you see that? I see pl2303_send() checking the size of the buffer when it is copied into it. thanks, greg k-h ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ linux-usb-devel@lists.sourceforge.net To unsubscribe, use the last form field at: https://lists.sourceforge.net/lists/listinfo/linux-usb-devel ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ linux-usb-devel@lists.sourceforge.net To unsubscribe, use the last form field at: https://lists.sourceforge.net/lists/listinfo/linux-usb-devel
