> Here's a second try, as people had problems applying my
> previous patch
I proofread sound.80-2.diff. Here is what I found:
It patches clean against 2.1.80. My terribly slow 486 is still building
it and I will holler if I see any compile errors.
Here is a bug in file dmabuf.c, function DMAbuf_sync:
/* original code */
if (!(out_sleep_flag[dev].opts & WK_WAKEUP))
{ if (jiffies >= tlimit)
out_sleep_flag[dev].opts |= WK_TIMEOUT;
}
/* new code, lines 473-474 */
if (!(adev->out_sleep_flag.opts & WK_WAKEUP))
adev->out_sleep_flag.opts |= WK_TIMEOUT;
In the original code, the 'if (jiffies >= tlimit)' was on a long line
far past column 80.
Here is a bug in file pss.c, function pss_coproc_ioctl:
/* new code, lines 674-675 */
if (__copy_to_user(arg, &dbuf, sizeof(dbuf)))
return 0;
There is a missing 'return -EFAULT', which leads to a confused return
value. If __copy_to_user returns success, this code will fall through
and eventually return -EINVAL!
In file soundcard.c, functions get_mixer_info and get_old_mixer_info,
info.id is not always null-terminated. You need:
info.id[sizeof(info.id)-1] = '\0';
In file soundcard.c, function sound_ioctl, I think the logic that
eliminates 'mixdev' is faulty. 'dev', the minor device number,
comes from user space. The original code extracts 'mixdev' from 'dev'
and range-checks it against 0 and num_mixers. The new code omits
the range check. Thus, incorrect device numbers will lead to kernel
data corruption instead of -ENXIO.
Regards,
Michael