* [patch] watchdog: pcwd_usb: overflow in usb_pcwd_send_command()
@ 2013-11-07 7:40 Dan Carpenter
2013-11-07 7:47 ` Wim Van Sebroeck
2013-11-07 14:27 ` Guenter Roeck
0 siblings, 2 replies; 8+ messages in thread
From: Dan Carpenter @ 2013-11-07 7:40 UTC (permalink / raw)
To: Wim Van Sebroeck, Guenter Roeck; +Cc: linux-watchdog, kernel-janitors
We changed "buf" from being an array of 6 chars to being a pointer this
sizeof(buf) needs to be updated as well.
Fixes: 2ddb8089a7e5 ('watchdog: pcwd_usb: Use allocated buffer for usb_control_msg')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/watchdog/pcwd_usb.c b/drivers/watchdog/pcwd_usb.c
index 53598e8..7031b9b 100644
--- a/drivers/watchdog/pcwd_usb.c
+++ b/drivers/watchdog/pcwd_usb.c
@@ -258,7 +258,7 @@ static int usb_pcwd_send_command(struct usb_pcwd_private *usb_pcwd,
if (usb_control_msg(usb_pcwd->udev, usb_sndctrlpipe(usb_pcwd->udev, 0),
HID_REQ_SET_REPORT, HID_DT_REPORT,
- 0x0200, usb_pcwd->interface_number, buf, sizeof(buf),
+ 0x0200, usb_pcwd->interface_number, buf, 6,
USB_COMMAND_TIMEOUT) != sizeof(buf)) {
dbg("usb_pcwd_send_command: error in usb_control_msg for "
"cmd 0x%x 0x%x 0x%x\n", cmd, *msb, *lsb);
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [patch] watchdog: pcwd_usb: overflow in usb_pcwd_send_command()
2013-11-07 7:40 [patch] watchdog: pcwd_usb: overflow in usb_pcwd_send_command() Dan Carpenter
@ 2013-11-07 7:47 ` Wim Van Sebroeck
2013-11-07 14:27 ` Guenter Roeck
1 sibling, 0 replies; 8+ messages in thread
From: Wim Van Sebroeck @ 2013-11-07 7:47 UTC (permalink / raw)
To: Dan Carpenter; +Cc: Guenter Roeck, linux-watchdog, kernel-janitors
Hi Dan,
> We changed "buf" from being an array of 6 chars to being a pointer this
> sizeof(buf) needs to be updated as well.
>
> Fixes: 2ddb8089a7e5 ('watchdog: pcwd_usb: Use allocated buffer for usb_control_msg')
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> diff --git a/drivers/watchdog/pcwd_usb.c b/drivers/watchdog/pcwd_usb.c
> index 53598e8..7031b9b 100644
> --- a/drivers/watchdog/pcwd_usb.c
> +++ b/drivers/watchdog/pcwd_usb.c
> @@ -258,7 +258,7 @@ static int usb_pcwd_send_command(struct usb_pcwd_private *usb_pcwd,
>
> if (usb_control_msg(usb_pcwd->udev, usb_sndctrlpipe(usb_pcwd->udev, 0),
> HID_REQ_SET_REPORT, HID_DT_REPORT,
> - 0x0200, usb_pcwd->interface_number, buf, sizeof(buf),
> + 0x0200, usb_pcwd->interface_number, buf, 6,
> USB_COMMAND_TIMEOUT) != sizeof(buf)) {
> dbg("usb_pcwd_send_command: error in usb_control_msg for "
> "cmd 0x%x 0x%x 0x%x\n", cmd, *msb, *lsb);
Added to linux-watchdog-next.
Kind regards,
Wim.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [patch] watchdog: pcwd_usb: overflow in usb_pcwd_send_command()
2013-11-07 7:40 [patch] watchdog: pcwd_usb: overflow in usb_pcwd_send_command() Dan Carpenter
2013-11-07 7:47 ` Wim Van Sebroeck
@ 2013-11-07 14:27 ` Guenter Roeck
2013-11-07 14:33 ` Dan Carpenter
2013-11-08 9:24 ` [patch v2] " Dan Carpenter
1 sibling, 2 replies; 8+ messages in thread
From: Guenter Roeck @ 2013-11-07 14:27 UTC (permalink / raw)
To: Dan Carpenter, Wim Van Sebroeck; +Cc: linux-watchdog, kernel-janitors
On 11/06/2013 11:40 PM, Dan Carpenter wrote:
> We changed "buf" from being an array of 6 chars to being a pointer this
> sizeof(buf) needs to be updated as well.
>
oops ...
> Fixes: 2ddb8089a7e5 ('watchdog: pcwd_usb: Use allocated buffer for usb_control_msg')
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> diff --git a/drivers/watchdog/pcwd_usb.c b/drivers/watchdog/pcwd_usb.c
> index 53598e8..7031b9b 100644
> --- a/drivers/watchdog/pcwd_usb.c
> +++ b/drivers/watchdog/pcwd_usb.c
> @@ -258,7 +258,7 @@ static int usb_pcwd_send_command(struct usb_pcwd_private *usb_pcwd,
>
> if (usb_control_msg(usb_pcwd->udev, usb_sndctrlpipe(usb_pcwd->udev, 0),
> HID_REQ_SET_REPORT, HID_DT_REPORT,
> - 0x0200, usb_pcwd->interface_number, buf, sizeof(buf),
> + 0x0200, usb_pcwd->interface_number, buf, 6,
> USB_COMMAND_TIMEOUT) != sizeof(buf)) {
Doesn't it have to be fixed here as well ?
Thanks,
Guenter
> dbg("usb_pcwd_send_command: error in usb_control_msg for "
> "cmd 0x%x 0x%x 0x%x\n", cmd, *msb, *lsb);
> --
> To unsubscribe from this list: send the line "unsubscribe linux-watchdog" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [patch] watchdog: pcwd_usb: overflow in usb_pcwd_send_command()
2013-11-07 14:27 ` Guenter Roeck
@ 2013-11-07 14:33 ` Dan Carpenter
2013-11-08 9:24 ` [patch v2] " Dan Carpenter
1 sibling, 0 replies; 8+ messages in thread
From: Dan Carpenter @ 2013-11-07 14:33 UTC (permalink / raw)
To: Guenter Roeck; +Cc: Wim Van Sebroeck, linux-watchdog, kernel-janitors
On Thu, Nov 07, 2013 at 06:27:29AM -0800, Guenter Roeck wrote:
> On 11/06/2013 11:40 PM, Dan Carpenter wrote:
> >We changed "buf" from being an array of 6 chars to being a pointer this
> >sizeof(buf) needs to be updated as well.
> >
> oops ...
>
> >Fixes: 2ddb8089a7e5 ('watchdog: pcwd_usb: Use allocated buffer for usb_control_msg')
> >Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> >
> >diff --git a/drivers/watchdog/pcwd_usb.c b/drivers/watchdog/pcwd_usb.c
> >index 53598e8..7031b9b 100644
> >--- a/drivers/watchdog/pcwd_usb.c
> >+++ b/drivers/watchdog/pcwd_usb.c
> >@@ -258,7 +258,7 @@ static int usb_pcwd_send_command(struct usb_pcwd_private *usb_pcwd,
> >
> > if (usb_control_msg(usb_pcwd->udev, usb_sndctrlpipe(usb_pcwd->udev, 0),
> > HID_REQ_SET_REPORT, HID_DT_REPORT,
> >- 0x0200, usb_pcwd->interface_number, buf, sizeof(buf),
> >+ 0x0200, usb_pcwd->interface_number, buf, 6,
> > USB_COMMAND_TIMEOUT) != sizeof(buf)) {
>
> Doesn't it have to be fixed here as well ?
Yeah. Good eye. I'll send a v2.
regards,
dan carpenter
^ permalink raw reply [flat|nested] 8+ messages in thread
* [patch v2] watchdog: pcwd_usb: overflow in usb_pcwd_send_command()
2013-11-07 14:27 ` Guenter Roeck
2013-11-07 14:33 ` Dan Carpenter
@ 2013-11-08 9:24 ` Dan Carpenter
2013-11-08 14:24 ` Guenter Roeck
` (2 more replies)
1 sibling, 3 replies; 8+ messages in thread
From: Dan Carpenter @ 2013-11-08 9:24 UTC (permalink / raw)
To: Wim Van Sebroeck; +Cc: linux-watchdog, kernel-janitors, Guenter Roeck
We changed "buf" from being an array of 6 chars to being a pointer this
sizeof(buf) needs to be updated as well.
Fixes: 2ddb8089a7e5 ('watchdog: pcwd_usb: Use allocated buffer for usb_control_msg')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
v2: Fix the bug that Guenter Roeck pointed out in v1.
diff --git a/drivers/watchdog/pcwd_usb.c b/drivers/watchdog/pcwd_usb.c
index 53598e8..b731b5d 100644
--- a/drivers/watchdog/pcwd_usb.c
+++ b/drivers/watchdog/pcwd_usb.c
@@ -258,8 +258,8 @@ static int usb_pcwd_send_command(struct usb_pcwd_private *usb_pcwd,
if (usb_control_msg(usb_pcwd->udev, usb_sndctrlpipe(usb_pcwd->udev, 0),
HID_REQ_SET_REPORT, HID_DT_REPORT,
- 0x0200, usb_pcwd->interface_number, buf, sizeof(buf),
- USB_COMMAND_TIMEOUT) != sizeof(buf)) {
+ 0x0200, usb_pcwd->interface_number, buf, 6,
+ USB_COMMAND_TIMEOUT) != 6) {
dbg("usb_pcwd_send_command: error in usb_control_msg for "
"cmd 0x%x 0x%x 0x%x\n", cmd, *msb, *lsb);
}
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [patch v2] watchdog: pcwd_usb: overflow in usb_pcwd_send_command()
2013-11-08 9:24 ` [patch v2] " Dan Carpenter
@ 2013-11-08 14:24 ` Guenter Roeck
2013-11-11 16:00 ` Guenter Roeck
2013-11-17 19:06 ` Wim Van Sebroeck
2 siblings, 0 replies; 8+ messages in thread
From: Guenter Roeck @ 2013-11-08 14:24 UTC (permalink / raw)
To: Dan Carpenter, Wim Van Sebroeck; +Cc: linux-watchdog, kernel-janitors
On 11/08/2013 01:24 AM, Dan Carpenter wrote:
> We changed "buf" from being an array of 6 chars to being a pointer this
> sizeof(buf) needs to be updated as well.
>
> Fixes: 2ddb8089a7e5 ('watchdog: pcwd_usb: Use allocated buffer for usb_control_msg')
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
> ---
> v2: Fix the bug that Guenter Roeck pointed out in v1.
>
> diff --git a/drivers/watchdog/pcwd_usb.c b/drivers/watchdog/pcwd_usb.c
> index 53598e8..b731b5d 100644
> --- a/drivers/watchdog/pcwd_usb.c
> +++ b/drivers/watchdog/pcwd_usb.c
> @@ -258,8 +258,8 @@ static int usb_pcwd_send_command(struct usb_pcwd_private *usb_pcwd,
>
> if (usb_control_msg(usb_pcwd->udev, usb_sndctrlpipe(usb_pcwd->udev, 0),
> HID_REQ_SET_REPORT, HID_DT_REPORT,
> - 0x0200, usb_pcwd->interface_number, buf, sizeof(buf),
> - USB_COMMAND_TIMEOUT) != sizeof(buf)) {
> + 0x0200, usb_pcwd->interface_number, buf, 6,
> + USB_COMMAND_TIMEOUT) != 6) {
> dbg("usb_pcwd_send_command: error in usb_control_msg for "
> "cmd 0x%x 0x%x 0x%x\n", cmd, *msb, *lsb);
> }
> --
> To unsubscribe from this list: send the line "unsubscribe linux-watchdog" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [patch v2] watchdog: pcwd_usb: overflow in usb_pcwd_send_command()
2013-11-08 9:24 ` [patch v2] " Dan Carpenter
2013-11-08 14:24 ` Guenter Roeck
@ 2013-11-11 16:00 ` Guenter Roeck
2013-11-17 19:06 ` Wim Van Sebroeck
2 siblings, 0 replies; 8+ messages in thread
From: Guenter Roeck @ 2013-11-11 16:00 UTC (permalink / raw)
To: Dan Carpenter; +Cc: Wim Van Sebroeck, linux-watchdog, kernel-janitors
On Fri, Nov 08, 2013 at 01:24:19AM -0800, Dan Carpenter wrote:
> We changed "buf" from being an array of 6 chars to being a pointer this
> sizeof(buf) needs to be updated as well.
>
> Fixes: 2ddb8089a7e5 ('watchdog: pcwd_usb: Use allocated buffer for usb_control_msg')
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
I thought I had replied earlier, but I don't find my reply anywhere.
My apologies if this is a duplicate.
Guenter
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [patch v2] watchdog: pcwd_usb: overflow in usb_pcwd_send_command()
2013-11-08 9:24 ` [patch v2] " Dan Carpenter
2013-11-08 14:24 ` Guenter Roeck
2013-11-11 16:00 ` Guenter Roeck
@ 2013-11-17 19:06 ` Wim Van Sebroeck
2 siblings, 0 replies; 8+ messages in thread
From: Wim Van Sebroeck @ 2013-11-17 19:06 UTC (permalink / raw)
To: Dan Carpenter; +Cc: linux-watchdog, kernel-janitors, Guenter Roeck
Hi Dan,
> We changed "buf" from being an array of 6 chars to being a pointer this
> sizeof(buf) needs to be updated as well.
>
> Fixes: 2ddb8089a7e5 ('watchdog: pcwd_usb: Use allocated buffer for usb_control_msg')
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> v2: Fix the bug that Guenter Roeck pointed out in v1.
This was added to linux-watchdog-next.
Kind regards,
Wim.
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2013-11-17 19:06 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-11-07 7:40 [patch] watchdog: pcwd_usb: overflow in usb_pcwd_send_command() Dan Carpenter
2013-11-07 7:47 ` Wim Van Sebroeck
2013-11-07 14:27 ` Guenter Roeck
2013-11-07 14:33 ` Dan Carpenter
2013-11-08 9:24 ` [patch v2] " Dan Carpenter
2013-11-08 14:24 ` Guenter Roeck
2013-11-11 16:00 ` Guenter Roeck
2013-11-17 19:06 ` Wim Van Sebroeck
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).