iio_utils.h bug? - Zubair Lutfullah :

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: "Zubair Lutfullah :" <zubair.lutfullah@gmail.com>
To: jic23@kernel.org
Cc: linux-iio@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: iio_utils.h bug?
Date: Sun, 22 Dec 2013 22:47:15 +0500	[thread overview]
Message-ID: <20131222174713.GA3931@gmail.com> (raw)

Hi,

A guy posted this fix on my blog. I couldn't make sense of it.

Thought I'd post it here. I'll send a proper patch file if 
I knew what commit log I needed to write.
And I can't exactly sign-off :s.

I asked him to post but he couldn't/wouldn't.

Regards
ZubairLK


"Defend against buffer overflow of ci_array:

 code always overwrites one entry beyond end of array, now fixed
--Craig Markwardt"

iio_utils.h

@@ -335,6 +335,7 @@ inline int build_channel_array(const char *device_dir,
   while (ent = readdir(dp), ent != NULL) {
     if (strcmp(ent->d_name + strlen(ent->d_name) - strlen("_en"),
          "_en") == 0) {
+      int current_enabled = 0;
       current = &(*ci_array)[count++];
       ret = asprintf(&filename,
                "%s/%s", scan_el_dir, ent->d_name);
       if (ret < 0) {
         ret = -ENOMEM;
         /* decrement count to avoid freeing name */
         count--;
         goto error_cleanup_array;
       }

       sysfsfp = fopen(filename, "r");

       if (sysfsfp == NULL) {
         free(filename);
         ret = -errno;
         goto error_cleanup_array;
       }

-      fscanf(sysfsfp, "%u", &current->enabled);
+      fscanf(sysfsfp, "%u", &current_enabled);
       fclose(sysfsfp);

-      if (!current->enabled) {
+      if (!current_enabled) {
         free(filename);
         count--;
         continue;
       }
+      current->enabled = current_enabled;
       current->scale = 1.0;
       current->offset = 0;
       current->name = strndup(ent->d_name,

next             reply	other threads:[~2013-12-22 22:47 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-12-22 17:47 Zubair Lutfullah : [this message]
2013-12-24 18:53 ` iio_utils.h bug? Jonathan Cameron

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20131222174713.GA3931@gmail.com \
    --to=zubair.lutfullah@gmail.com \
    --cc=jic23@kernel.org \
    --cc=linux-iio@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox