Re: [patch v2] cx231xx: card->driver "Conexant cx231xx Audio" too long

2010-03-23 Thread Marcin Slusarz
On Mon, Mar 22, 2010 at 05:04:55PM +0100, Takashi Iwai wrote:
> At Mon, 22 Mar 2010 08:43:47 -0700,
> Joe Perches wrote:
> >
> > On Mon, 2010-03-22 at 18:39 +0300, Dan Carpenter wrote:
> > > card->driver is 15 characters and a NULL, the original code could
> > > cause a buffer overflow.
> > >
> > > In version 2, I used a better name that Takashi Iwai suggested.
> >
> > Perhaps it's better to use strncpy as well.
>
> strlcpy() would be safer :)
>
> But, in such a case, we want rather that the error is notified at
> build time.
>
> Maybe a macro like below would be helpful to catch such bugs?
>
> #define COPY_STRING(buf, src) \
>     do { \
>         if (__builtin_constant_p(src)) \
>             BUILD_BUG_ON(strlen(src) >= sizeof(buf)); \
>         strcpy(buf, src); \
>     } while (0)
>
> and used like:
>
> struct foo {
>     char foo[5];
> } x;
>
> COPY_STRING(x.foo, "OK"); // OK
> COPY_STRING(x.foo, "1234567890"); // NG

why not define strcpy this way?

Marcin
--
To unsubscribe from this list: send the line unsubscribe linux-media in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
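
A userspace sketch of the build-time check proposed in the quoted macro, added here as an example and not code from the thread or the kernel. `IS_ARRAY`, `LITERAL_FITS` and `COPY_LITERAL` are hypothetical names, `_Static_assert` stands in for `BUILD_BUG_ON`, and the array test covers the case where `sizeof(buf)` would measure a pointer instead of the buffer.

```c
#include <stdio.h>
#include <string.h>

/* 1 for a real array, 0 for a pointer (GCC/Clang builtins). */
#define IS_ARRAY(a) \
	(!__builtin_types_compatible_p(__typeof__(a), __typeof__(&(a)[0])))

/* Constant expression: does the literal, including its NUL, fit in buf?
 * sizeof(buf) says nothing about a pointer's target, so pointers never fit. */
#define LITERAL_FITS(buf, lit) \
	(IS_ARRAY(buf) && IS_ARRAY(lit) && sizeof(lit) <= sizeof(buf))

/* Hypothetical COPY_LITERAL: the build fails instead of the buffer overflowing. */
#define COPY_LITERAL(buf, lit) \
	do { \
		_Static_assert(LITERAL_FITS(buf, lit), \
			       "string literal does not fit destination array"); \
		memcpy((buf), (lit), sizeof(lit)); \
	} while (0)

struct foo { char foo[5]; };   /* struct from the thread */
static struct foo x;
static char driver[16];        /* constructed stand-in: 15 characters and a NUL */
static char *alias = driver;   /* pointer to the same storage */

/* Accepted case from the thread; returns the copied length. */
size_t copy_ok(void)
{
	COPY_LITERAL(x.foo, "OK");
	return strlen(x.foo);
}

int main(void)
{
	printf("copied %zu bytes\n", copy_ok());
	printf("\"1234567890\" into foo[5]: %d\n", LITERAL_FITS(x.foo, "1234567890"));
	printf("subject-line name into driver[16]: %d\n",
	       LITERAL_FITS(driver, "Conexant cx231xx Audio"));
	printf("\"OK\" through a pointer: %d\n", LITERAL_FITS(alias, "OK"));
	/* COPY_LITERAL(x.foo, "1234567890");  uncommenting this line breaks the build */
	return 0;
}
```

The check only sees string literals and arrays; a source that arrives as a `char *` still needs a bounded runtime copy.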


Re: V4L2 drivers: potentially dangerous and inefficient msecs_to_jiffies() calculation

2009-09-15 Thread Marcin Slusarz
Andreas Mohr wrote:
> Hi all,
>
> ./drivers/media/video/sn9c102/sn9c102_core.c
> ,
> ./drivers/media/video/et61x251/et61x251_core.c
> and
> ./drivers/media/video/zc0301/zc0301_core.c
> do
> cam->module_param.frame_timeout *
> 1000 * msecs_to_jiffies(1) );
> multiple times each.
> What they should do instead is
> frame_timeout * msecs_to_jiffies(1000), I'd think.

Or better: frame_timeout * HZ

Marcin


Re: Dereferencing freed memory bugs

2009-03-28 Thread Marcin Slusarz
Dan Carpenter wrote:
> I added a check to smatch (http://repo.or.cz/w/smatch.git/) to check
> for when we dereference freed memory.
>
> drivers/dma/dmatest.c +410 dmatest_exit(7) 'dtc'
> drivers/dma/dmatest.c +412 dmatest_exit(9) 'dtc'

Seems to be fixed by 7cbd4877e5b167b56a3d6033b926a9f925186e12:
dmatest: fix use after free in dmatest_exit

> drivers/infiniband/hw/nes/nes_cm.c +563 nes_cm_timer_tick(121) 'cm_node'
> drivers/infiniband/hw/nes/nes_cm.c +621 nes_cm_timer_tick(179) 'cm_node'
> (...)
> drivers/usb/host/ehci-hcd.c +1661 itd_complete(79) 'stream'
> drivers/usb/host/ehci-hcd.c +2036 sitd_complete(64) 'stream'
> drivers/uwb/reset.c +193 __uwb_rc_cmd(26) 'cmd'
> (...)
> net/netfilter/xt_recent.c +273 recent_mt(69) 'e'
> (...)
> drivers/media/video/cpia_pp.c +777 cpia_pp_detach(28) 'cpia'
> (...)

These are less obvious.

Adding CCs.
Please leave only one of openfabrics/linux-usb/netdev/linux-media in CCs
when responding.

ps: [s]itd_complete is in drivers/usb/host/ehci-sched.c