Re: [PATCH 2.6.13-rc3-git9] pl2303: pl2303_update_line_status data length fix

From: Greg KH
Date: Mon Aug 08 2005 - 17:25:03 EST

Next message: Miklos Szeredi: "[RFC] atomic open(..., O_CREAT | ...)"
Previous message: Adam Litke: "RE: [RFC] Demand faulting for large pages"
Next in thread: Horst Schirmeier: "Re: [PATCH 2.6.13-rc3-git9] pl2303: pl2303_update_line_status data length fix"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jul 28, 2005 at 03:32:20PM +0200, Horst Schirmeier wrote:
> Minimum data length must be UART_STATE + 1, as data[UART_STATE] is being
> accessed for the new line_state. Although PL-2303 hardware is not
> expected to send data with exactly UART_STATE length, this keeps it on
> the safe side.
>
> Signed-off-by: Horst Schirmeier <horst@xxxxxxxxxxxxxx>
> ---
>
> --- linux-2.6.13-rc3-git9/drivers/usb/serial/pl2303.c.orig 2005-07-28 14:42:58.000000000 +0200
> +++ linux-2.6.13-rc3-git9/drivers/usb/serial/pl2303.c 2005-07-28 14:43:16.000000000 +0200
> @@ -826,7 +826,7 @@ static void pl2303_update_line_status(st
> struct pl2303_private *priv = usb_get_serial_port_data(port);
> unsigned long flags;
> u8 status_idx = UART_STATE;
> - u8 length = UART_STATE;
> + u8 length = UART_STATE + 1;

"safe side" yes, but this will just prevent any line changes from going
back to the user, right?

Hm, how is this working at all, it looks like we overflow the buffer...

Have you tested this change?

thanks,

greg k-h
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Miklos Szeredi: "[RFC] atomic open(..., O_CREAT | ...)"
Previous message: Adam Litke: "RE: [RFC] Demand faulting for large pages"
Next in thread: Horst Schirmeier: "Re: [PATCH 2.6.13-rc3-git9] pl2303: pl2303_update_line_status data length fix"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]