Re: Serial driver - overrun possible to overrun flip buffer? (2.4.0-test7)

From: Theodore Y. Ts'o (tytso@MIT.EDU)
Date: Fri Sep 01 2000 - 10:33:39 EST

   From: Russell King <>
   Date: Fri, 1 Sep 2000 16:23:39 +0100 (BST)

   At the marked line (! - line 647), what if flip.count is equal to
   TTY_FLIPBUF_SIZE? Surely we're writing to a character outside the
   flag_buf_ptr array? If that is the case, should we not move this
   like until after the "goto ignore_char"? Also, does it matter that
   we don't place a character in the character buffer at the overrun

Yup, that's an obvious bug, thanks for pointing that out.. I'll get a
correction to Linus.

                                                - Ted
