Just handing down a data pointer is risky, since we can't do any model-specific checking for buffer length in the actual model-specific code. So instead, for any buffer size, call the parser. The parser then can return 0 if the length of the buffer isn't sufficient.
Signed-off-by: Peter Hutterer <[email protected]> --- src/wcmISDV4.c | 13 +++++-------- src/wcmUSB.c | 7 +++++-- src/xf86Wacom.c | 36 +++++++++++++++--------------------- src/xf86WacomDefs.h | 2 +- 4 files changed, 26 insertions(+), 32 deletions(-) diff --git a/src/wcmISDV4.c b/src/wcmISDV4.c index b050fcb..2b46ff1 100644 --- a/src/wcmISDV4.c +++ b/src/wcmISDV4.c @@ -38,7 +38,7 @@ static Bool isdv4Init(LocalDevicePtr, char* id, float *version); static void isdv4InitISDV4(WacomCommonPtr, const char* id, float version); static int isdv4GetRanges(LocalDevicePtr); static int isdv4StartTablet(LocalDevicePtr); -static int isdv4Parse(LocalDevicePtr, const unsigned char* data); +static int isdv4Parse(LocalDevicePtr, const unsigned char* data, int len); static int wcmSerialValidate(WacomCommonPtr common, const unsigned char* data); static int wcmWaitForTablet(int fd, char * data, int size); static int wcmWriteWait(int fd, const char* request); @@ -387,7 +387,7 @@ static int isdv4StartTablet(LocalDevicePtr local) return Success; } -static int isdv4Parse(LocalDevicePtr local, const unsigned char* data) +static int isdv4Parse(LocalDevicePtr local, const unsigned char* data, int len) { WacomDevicePtr priv = (WacomDevicePtr)local->private; WacomCommonPtr common = priv->common; @@ -398,6 +398,9 @@ static int isdv4Parse(LocalDevicePtr local, const unsigned char* data) DBG(10, common, "\n"); + if (len < common->wcmPktLength) + return 0; + /* determine the type of message (touch or stylus) */ if (data[0] & 0x10) /* a touch data */ { @@ -420,12 +423,6 @@ static int isdv4Parse(LocalDevicePtr local, const unsigned char* data) } } - if (common->buffer + common->bufpos - data < common->wcmPktLength) - { - /* we can't handle this yet */ - return common->wcmPktLength; - } - /* Coordinate data bit check */ if (data[0] & 0x40) /* control data */ return common->wcmPktLength; diff --git a/src/wcmUSB.c b/src/wcmUSB.c index f9a4a31..f402271 100644 --- a/src/wcmUSB.c +++ b/src/wcmUSB.c @@ -44,7 +44,7 @@ static void usbInitProtocol5(WacomCommonPtr common, const char* id, static void usbInitProtocol4(WacomCommonPtr common, const char* id, float version); int usbWcmGetRanges(LocalDevicePtr local); -static int usbParse(LocalDevicePtr local, const unsigned char* data); +static int usbParse(LocalDevicePtr local, const unsigned char* data, int len); static int usbDetectConfig(LocalDevicePtr local); static void usbParseEvent(LocalDevicePtr local, const struct input_event* event); @@ -657,11 +657,14 @@ static int usbDetectConfig(LocalDevicePtr local) return TRUE; } -static int usbParse(LocalDevicePtr local, const unsigned char* data) +static int usbParse(LocalDevicePtr local, const unsigned char* data, int len) { WacomDevicePtr priv = (WacomDevicePtr)local->private; WacomCommonPtr common = priv->common; + if (len < sizeof(struct input_event)) + return 0; + usbParseEvent(local, (const struct input_event*)data); return common->wcmPktLength; } diff --git a/src/xf86Wacom.c b/src/xf86Wacom.c index f72a95e..3da591b 100644 --- a/src/xf86Wacom.c +++ b/src/xf86Wacom.c @@ -1128,8 +1128,6 @@ void wcmReadPacket(LocalDevicePtr local) common->bufpos += len; DBG(10, common, "buffer has %d bytes\n", common->bufpos); - pos = 0; - /* while there are whole packets present, check the packet length * for serial ISDv4 packet since it's different for pen and touch */ @@ -1151,35 +1149,31 @@ void wcmReadPacket(LocalDevicePtr local) } } - while ((common->bufpos - pos) >= common->wcmPktLength) + len = common->bufpos; + pos = 0; + + while (len > 0) { /* parse packet */ - cnt = common->wcmModel->Parse(local, common->buffer + pos); + cnt = common->wcmModel->Parse(local, common->buffer + pos, len); if (cnt <= 0) { - DBG(1, common, "Misbehaving parser returned %d\n",cnt); + if (cnt < 0) + DBG(1, common, "Misbehaving parser returned %d\n",cnt); break; } pos += cnt; + len -= cnt; } - - if (pos) - { - /* if half a packet remains, move it down */ - if (pos < common->bufpos) - { - DBG(7, common, "MOVE %d bytes\n", common->bufpos - pos); - memmove(common->buffer,common->buffer+pos, - common->bufpos-pos); - common->bufpos -= pos; - } - /* otherwise, reset the buffer for next time */ - else - { - common->bufpos = 0; - } + /* if half a packet remains, move it down */ + if (len) + { + DBG(7, common, "MOVE %d bytes\n", common->bufpos - pos); + memmove(common->buffer,common->buffer+pos, len); } + + common->bufpos = len; } int wcmDevChangeControl(LocalDevicePtr local, xDeviceCtl * control) diff --git a/src/xf86WacomDefs.h b/src/xf86WacomDefs.h index f2e1655..3a9a89a 100644 --- a/src/xf86WacomDefs.h +++ b/src/xf86WacomDefs.h @@ -83,7 +83,7 @@ struct _WacomModel void (*GetResolution)(LocalDevicePtr local); int (*GetRanges)(LocalDevicePtr local); int (*Start)(LocalDevicePtr local); - int (*Parse)(LocalDevicePtr local, const unsigned char* data); + int (*Parse)(LocalDevicePtr local, const unsigned char* data, int len); int (*FilterRaw)(WacomCommonPtr common, WacomChannelPtr pChannel, WacomDeviceStatePtr ds); int (*DetectConfig)(LocalDevicePtr local); -- 1.6.6.1 ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Linuxwacom-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/linuxwacom-devel
