public inbox for linux-kernel@vger.kernel.org
* iio_utils.h bug?
@ 2013-12-22 17:47 Zubair Lutfullah :
  2013-12-24 18:53 ` Jonathan Cameron
  0 siblings, 1 reply; 2+ messages in thread
From: Zubair Lutfullah : @ 2013-12-22 17:47 UTC (permalink / raw)
  To: jic23; +Cc: linux-iio, linux-kernel

Hi,

A guy posted this fix on my blog. I couldn't make sense of it.

Thought I'd post it here. I'll send a proper patch file if 
I knew what commit log I needed to write.
And I can't exactly sign-off :s.

I asked him to post but he couldn't/wouldn't.

Regards
ZubairLK


"Defend against buffer overflow of ci_array:

 code always overwrites one entry beyond end of array, now fixed
--Craig Markwardt"

iio_utils.h

@@ -335,6 +335,7 @@ inline int build_channel_array(const char *device_dir,
   while (ent = readdir(dp), ent != NULL) {
     if (strcmp(ent->d_name + strlen(ent->d_name) - strlen("_en"),
          "_en") == 0) {
+      int current_enabled = 0;
       current = &(*ci_array)[count++];
       ret = asprintf(&filename,
                "%s/%s", scan_el_dir, ent->d_name);
       if (ret < 0) {
         ret = -ENOMEM;
         /* decrement count to avoid freeing name */
         count--;
         goto error_cleanup_array;
       }

       sysfsfp = fopen(filename, "r");

       if (sysfsfp == NULL) {
         free(filename);
         ret = -errno;
         goto error_cleanup_array;
       }

-      fscanf(sysfsfp, "%u", &current->enabled);
+      fscanf(sysfsfp, "%u", &current_enabled);
       fclose(sysfsfp);

-      if (!current->enabled) {
+      if (!current_enabled) {
         free(filename);
         count--;
         continue;
       }
+      current->enabled = current_enabled;
       current->scale = 1.0;
       current->offset = 0;
       current->name = strndup(ent->d_name,
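Review bot: the new local `int current_enabled = 0;` is filled by `fscanf(sysfsfp, "%u", &current_enabled);`, but `%u` requires a pointer to `unsigned int`, so the declaration should be `unsigned int current_enabled = 0;` to match the conversion. The return value of that `fscanf` is still ignored; checking that it returned 1 would make a failed read explicit instead of relying on the zero initialiser to treat the channel as disabled. The posting also has no `---`/`+++` file headers, and the `@@ -335,6 +335,7 @@` counts do not match the number of lines shown, so it should be regenerated with git before it is submitted.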


* Re: iio_utils.h bug?
  2013-12-22 17:47 iio_utils.h bug? Zubair Lutfullah :
@ 2013-12-24 18:53 ` Jonathan Cameron
  0 siblings, 0 replies; 2+ messages in thread
From: Jonathan Cameron @ 2013-12-24 18:53 UTC (permalink / raw)
  To: Zubair Lutfullah :; +Cc: linux-iio, linux-kernel



"Zubair Lutfullah :" <zubair.lutfullah@gmail.com> wrote:
>Hi,
>
>A guy posted this fix on my blog. I couldn't make sense of it.
>
>Thought I'd post it here. I'll send a proper patch file if 
>I knew what commit log I needed to write.
>And I can't exactly sign-off :s.

Yes you can. Patch routed through you, hence your sign is entirely correct. If you have an email address for the author then the from field can be different from the sign-off and you can add a reported-by as well to credit it as fully as possible.

Will be the weekend at least before I actually look at the code!
>
>I asked him to post but he couldn't/wouldn't.
>
>Regards
>ZubairLK
>
>
>"Defend against buffer overflow of ci_array:
>
> code always overwrites one entry beyond end of array, now fixed
>--Craig Markwardt"
>
>iio_utils.h
>
>@@ -335,6 +335,7 @@ inline int build_channel_array(const char
>*device_dir,
>   while (ent = readdir(dp), ent != NULL) {
>     if (strcmp(ent->d_name + strlen(ent->d_name) - strlen("_en"),
>          "_en") == 0) {
>+      int current_enabled = 0;
>       current = &(*ci_array)[count++];
>       ret = asprintf(&filename,
>                "%s/%s", scan_el_dir, ent->d_name);
>       if (ret < 0) {
>         ret = -ENOMEM;
>         /* decrement count to avoid freeing name */
>         count--;
>         goto error_cleanup_array;
>       }
>
>       sysfsfp = fopen(filename, "r");
>
>       if (sysfsfp == NULL) {
>         free(filename);
>         ret = -errno;
>         goto error_cleanup_array;
>       }
>
>-      fscanf(sysfsfp, "%u", &current->enabled);
>+      fscanf(sysfsfp, "%u", &current_enabled);
>       fclose(sysfsfp);
>
>-      if (!current->enabled) {
>+      if (!current_enabled) {
>         free(filename);
>         count--;
>         continue;
>       }
>+      current->enabled = current_enabled;
>       current->scale = 1.0;
>       current->offset = 0;
>       current->name = strndup(ent->d_name,
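Review bot: `current = &(*ci_array)[count++];` still claims a slot before the `_en` file has been read, so the disabled-channel path and every error path depend on a matching `count--`. The `fopen` failure branch does `goto error_cleanup_array` without that decrement, unlike the `asprintf` failure branch just above it, whose comment says the decrement is there "to avoid freeing name"; at that point `current->name` has not yet been assigned for the new slot. Taking the slot only after the `if (!current_enabled)` check, next to `current->enabled = current_enabled;`, would remove the need for the decrements and mean an index is only consumed for channels that are actually enabled.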

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
