Re: [PATCH] raw1394 missing failure handling

From: Sergey Vlasov
Date: Wed Mar 02 2005 - 06:46:41 EST

Next message: Paul Mundt: "Re: RFC: disallow modular framebuffers"
Previous message: Kristian Sørensen: "UserMode bug in 2.6.11-rc5?"
In reply to: Gene Heskett: "Re: [PATCH] raw1394 missing failure handling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 02 Mar 2005 12:10:50 +0100 Panagiotis Issaris wrote:

> In the raw1394 driver the failure handling for
> a __copy_to_user call is missing.
>
> With friendly regards,
> Takis
>
> --
> K.U.Leuven, Mechanical Eng., Mechatronics & Robotics Research Group
> http://people.mech.kuleuven.ac.be/~pissaris/
>
>
>
> [pi-20050302T114855-linux_2_6_11-raw1394_copy_to_user_failure_handling.diff text/x-patch (922 bytes)]
> diff -pruN linux-2.6.11/drivers/ieee1394/raw1394.c linux-2.6.11-pi/drivers/ieee1394/raw1394.c
> --- linux-2.6.11/drivers/ieee1394/raw1394.c 2005-03-02 11:44:26.000000000 +0100
> +++ linux-2.6.11-pi/drivers/ieee1394/raw1394.c 2005-03-02 11:47:38.000000000 +0100
> @@ -443,7 +443,8 @@ static ssize_t raw1394_read(struct file
> req->req.error = RAW1394_ERROR_MEMFAULT;
> }
> }
> - __copy_to_user(buffer, &req->req, sizeof(req->req));
> + if (__copy_to_user(buffer, &req->req, sizeof(req->req)))
> + return -EFAULT;

Bug: "req" is not freed in the failure case.

>
> free_pending_request(req);
> return sizeof(struct raw1394_request);
>

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Paul Mundt: "Re: RFC: disallow modular framebuffers"
Previous message: Kristian Sørensen: "UserMode bug in 2.6.11-rc5?"
In reply to: Gene Heskett: "Re: [PATCH] raw1394 missing failure handling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]