Re: [PATCH] Fix NR_KEYS off-by-one error
From: OGAWA Hirofumi
Date: Sat Jul 17 2004 - 01:27:55 EST
Andries Brouwer <aebr@xxxxxxxxxx> writes:
> On Sat, Jul 17, 2004 at 01:35:59AM +0900, OGAWA Hirofumi wrote:
>
> :: KDGKBENT ioctl can use 256 entries (0-255), but it was defined as
> :: key_map[NR_KEYS] (NR_KEYS == 255). The code seems also thinking it's 256.
> ::
> :: key_map[0] = U(K_ALLOCATED);
> :: for (j = 1; j < NR_KEYS; j++)
> :: key_map[j] = U(K_HOLE);
>
> I think the code has no opinion. It was 128 in 2.4.
> I am not aware of assumptions on NR_KEYS.
> So, do not think this is an off-by-one error.
My point is that key_map is 0-254 array. But KDGKBENT uses 255
case KDGKBENT:
key_map = key_maps[s];
if (key_map) {
val = U(key_map[i]);
if (kbd->kbdmode != VC_UNICODE && KTYP(val) >= NR_TYPES)
val = K_HOLE;
} else
val = (i ? K_HOLE : K_NOSUCHMAP);
return put_user(val, &user_kbe->kb_value);
Thanks.
--
OGAWA Hirofumi <hirofumi@xxxxxxxxxxxxxxxxxx>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/