Re: [CHECKER] potential dereference of user pointer errors

Chris Wright (chris@wirex.com)
Fri, 21 Mar 2003 16:47:08 -0800

* Greg KH (greg@kroah.com) wrote:
>
> Ugh, that's pretty bad. That whole chunk of debug code should just be
> replaced with a call to usb_serial_debug_data() like the other
> usb-serial drivers do.
>
> Patches welcomed :)

Something like this?

thanks,
-chris

-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net


===== drivers/usb/serial/kobil_sct.c 1.5 vs edited =====
--- 1.5/drivers/usb/serial/kobil_sct.c	Wed Mar 12 14:57:33 2003
+++ edited/drivers/usb/serial/kobil_sct.c	Fri Mar 21 16:50:56 2003
@@ -406,8 +406,6 @@
 	int result = 0;
 	int todo = 0;
 	struct kobil_private * priv;
-	int i;
-	char *data;
 
 	if (count == 0) {
 		dbg("%s - port %d write request of 0 bytes", __FUNCTION__, port->number);
@@ -421,19 +419,6 @@
 		return -ENOMEM;
 	}
 
-	// BEGIN DEBUG
-	data = (unsigned char *) kmalloc((3 * count + 10) * sizeof(char), GFP_KERNEL);  
-	if (! data) {
-		return (-1);
-	}
-	memset(data, 0, (3 * count + 10));
-	for (i = 0; i < count; i++) { 
-		sprintf(data +3*i, "%02X ", buf[i]); 
-	} 
-	dbg(" %d --> %s", port->number, data );
-	kfree(data);
-	// END DEBUG
-
 	// Copy data to buffer
 	if (from_user) {
 		if (copy_from_user(priv->buf + priv->filled, buf, count)) {
@@ -442,6 +427,8 @@
 	} else {
 		memcpy (priv->buf + priv->filled, buf, count);
 	}
+
+	usb_serial_debug_data (__FILE__, __FUNCTION__, count, priv->buf + priv->filled);
 
 	priv->filled = priv->filled + count;
 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/