Re: [patch v2] cx231xx: card-driver Conexant cx231xx Audio too long
On Mon, Mar 22, 2010 at 05:04:55PM +0100, Takashi Iwai wrote: At Mon, 22 Mar 2010 08:43:47 -0700, Joe Perches wrote: On Mon, 2010-03-22 at 18:39 +0300, Dan Carpenter wrote: card-driver is 15 characters and a NULL, the original code could cause a buffer overflow. In version 2, I used a better name that Takashi Iwai suggested. Perhaps it's better to use strncpy as well. strlcpy() would be safer :) But, in such a case, we want rather that the error is notified at build time. Maybe a macro like below would be helpful to catch such bugs? #define COPY_STRING(buf, src) \ do {\ if (__builtin_constant_p(src)) \ BUILD_BUG_ON(strlen(src) = sizeof(buf)); \ strcpy(buf, src); \ } while (0) and used like: struct foo { char foo[5]; } x; COPY_STRING(x.foo, OK); // OK COPY_STRING(x.foo, 1234567890); // NG why not define strcpy this way? Marcin -- To unsubscribe from this list: send the line unsubscribe linux-media in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: V4L2 drivers: potentially dangerous and inefficient msecs_to_jiffies() calculation
Andreas Mohr pisze: Hi all, ./drivers/media/video/sn9c102/sn9c102_core.c , ./drivers/media/video/et61x251/et61x251_core.c and ./drivers/media/video/zc0301/zc0301_core.c do cam-module_param.frame_timeout * 1000 * msecs_to_jiffies(1) ); multiple times each. What they should do instead is frame_timeout * msecs_to_jiffies(1000), I'd think. Or better: frame_timeout * HZ Marcin -- To unsubscribe from this list: send the line unsubscribe linux-media in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: Dereferencing freed memory bugs
Dan Carpenter wrote: I added a check to smatch (http://repo.or.cz/w/smatch.git/) to check for when we dereference freed memory. drivers/dma/dmatest.c +410 dmatest_exit(7) 'dtc' drivers/dma/dmatest.c +412 dmatest_exit(9) 'dtc' Seems to be fixed by 7cbd4877e5b167b56a3d6033b926a9f925186e12: dmatest: fix use after free in dmatest_exit drivers/infiniband/hw/nes/nes_cm.c +563 nes_cm_timer_tick(121) 'cm_node' drivers/infiniband/hw/nes/nes_cm.c +621 nes_cm_timer_tick(179) 'cm_node' (...) drivers/usb/host/ehci-hcd.c +1661 itd_complete(79) 'stream' drivers/usb/host/ehci-hcd.c +2036 sitd_complete(64) 'stream' drivers/uwb/reset.c +193 __uwb_rc_cmd(26) 'cmd' (...) net/netfilter/xt_recent.c +273 recent_mt(69) 'e' (...) drivers/media/video/cpia_pp.c +777 cpia_pp_detach(28) 'cpia' (...) These are less obvious. Adding CCs. Please leave only one of openfabrics/linux-usb/netdev/linux-media in CCs when responding. ps: [s]itd_complete is in drivers/usb/host/ehci-sched.c -- To unsubscribe from this list: send the line unsubscribe linux-media in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html