sound/oss/cmpci.c | 19 +++++++++++++------
1 files changed, 13 insertions(+), 6 deletions(-)
diff -puN sound/oss/cmpci.c~cp-user-cmpci sound/oss/cmpci.c
--- linux-2.5.70-ds/sound/oss/cmpci.c~cp-user-cmpci 2003-06-08 15:36:16.000000000 +0530
+++ linux-2.5.70-ds-dipankar/sound/oss/cmpci.c 2003-06-08 20:39:03.000000000 +0530
@@ -588,7 +588,8 @@ static void trans_ac3(struct cm_state *s
unsigned short *src = (unsigned short *)source;
do {
- data = (unsigned long) *src++;
+ __get_user(data, src);
+ src++;
data <<= 12; // ok for 16-bit data
if (s->spdif_counter == 2 || s->spdif_counter == 3)
data |= 0x40000000; // indicate AC-3 raw data
@@ -1600,9 +1601,9 @@ static ssize_t cm_write(struct file *fil
return -ENXIO;
if (!s->dma_adc.ready && (ret = prog_dmabuf(s, 1)))
return ret;
- if (!access_ok(VERIFY_READ, buffer, count))
- return -EFAULT;
}
+ if (!access_ok(VERIFY_READ, buffer, count))
+ return -EFAULT;
ret = 0;
while (count > 0) {
@@ -1662,15 +1663,21 @@ static ssize_t cm_write(struct file *fil
swptr = (swptr + 2 * cnt) % s->dma_dac.dmasize;
} else if (s->status & DO_DUAL_DAC) {
int i;
- unsigned long *src, *dst0, *dst1;
+ unsigned long *src, *dst0, *dst1, data;
src = (unsigned long *) buffer;
dst0 = (unsigned long *) (s->dma_dac.rawbuf + swptr);
dst1 = (unsigned long *) (s->dma_adc.rawbuf + swptr);
// copy left/right sample at one time
for (i = 0; i <= cnt / 4; i++) {
- *dst0++ = *src++;
- *dst1++ = *src++;
+ if (__get_user(data, src))
+ return ret ? ret : -EFAULT;
+ *dst0++ = data;
+ src++;
+ if (__get_user(data, src))
+ return ret ? ret : -EFAULT;
+ *dst1++ = data;
+ src++;
}
swptr = (swptr + cnt) % s->dma_dac.dmasize;
} else {
_
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/