[alsa-devel] [patch] ALSA: firewire-tascam: off by one in identify_model()
In the original code, we potentially put a NUL character in model[8] and it caused a static checker warning. We can put the NUL in model[7] instead.
Fixes: 53b3ffee7885 ('ALSA: firewire-tascam: change device probing processing') Signed-off-by: Dan Carpenter dan.carpenter@oracle.com
diff --git a/sound/firewire/tascam/tascam.c b/sound/firewire/tascam/tascam.c index c6747a4..6ef2bcc 100644 --- a/sound/firewire/tascam/tascam.c +++ b/sound/firewire/tascam/tascam.c @@ -51,7 +51,7 @@ static int identify_model(struct snd_tscm *tscm) }
/* Pick up model name from certain addresses. */ - for (i = 0; i < 8; i++) { + for (i = 0; i < 7; i++) { c = config_rom[28 + i / 4] >> (24 - 8 * (i % 4)); if (c == '\0') break;
On Thu, 15 Oct 2015 20:18:29 +0200, Dan Carpenter wrote:
In the original code, we potentially put a NUL character in model[8] and it caused a static checker warning. We can put the NUL in model[7] instead.
I guess it's better to expand model[] to 9 bytes instead. The logic is to retrieve the string from the config rom, and it's up to 8 letters.
thanks,
Takashi
Fixes: 53b3ffee7885 ('ALSA: firewire-tascam: change device probing processing') Signed-off-by: Dan Carpenter dan.carpenter@oracle.com
diff --git a/sound/firewire/tascam/tascam.c b/sound/firewire/tascam/tascam.c index c6747a4..6ef2bcc 100644 --- a/sound/firewire/tascam/tascam.c +++ b/sound/firewire/tascam/tascam.c @@ -51,7 +51,7 @@ static int identify_model(struct snd_tscm *tscm) }
/* Pick up model name from certain addresses. */
- for (i = 0; i < 8; i++) {
- for (i = 0; i < 7; i++) { c = config_rom[28 + i / 4] >> (24 - 8 * (i % 4)); if (c == '\0') break;
On Sat, Oct 17, 2015 at 12:11:58PM +0200, Takashi Iwai wrote:
On Thu, 15 Oct 2015 20:18:29 +0200, Dan Carpenter wrote:
In the original code, we potentially put a NUL character in model[8] and it caused a static checker warning. We can put the NUL in model[7] instead.
I guess it's better to expand model[] to 9 bytes instead. The logic is to retrieve the string from the config rom, and it's up to 8 letters.
Ok. I will resend.
regards, dan carpenter
On Oct 17 2015 21:02, Dan Carpenter wrote:
On Sat, Oct 17, 2015 at 12:11:58PM +0200, Takashi Iwai wrote:
On Thu, 15 Oct 2015 20:18:29 +0200, Dan Carpenter wrote:
In the original code, we potentially put a NUL character in model[8] and it caused a static checker warning. We can put the NUL in model[7] instead.
I guess it's better to expand model[] to 9 bytes instead. The logic is to retrieve the string from the config rom, and it's up to 8 letters.
Ok. I will resend.
I think this idea is better, too.
Thanks
Takashi Sakamoto
Let's leave space for the NUL char otherwise the static checkers complain that we go beyond the end of the array.
Fixes: 53b3ffee7885 ('ALSA: firewire-tascam: change device probing processing') Signed-off-by: Dan Carpenter dan.carpenter@oracle.com --- v2: I truncated the last char in v1 instead of making the buffer larger
diff --git a/sound/firewire/tascam/tascam.c b/sound/firewire/tascam/tascam.c index c6747a4..79cb9e9 100644 --- a/sound/firewire/tascam/tascam.c +++ b/sound/firewire/tascam/tascam.c @@ -40,7 +40,7 @@ static int identify_model(struct snd_tscm *tscm) { struct fw_device *fw_dev = fw_parent_device(tscm->unit); const u32 *config_rom = fw_dev->config_rom; - char model[8]; + char model[9]; unsigned int i; u8 c;
On Oct 19 2015 20:29, Dan Carpenter wrote:
Let's leave space for the NUL char otherwise the static checkers complain that we go beyond the end of the array.
Fixes: 53b3ffee7885 ('ALSA: firewire-tascam: change device probing processing') Signed-off-by: Dan Carpenter dan.carpenter@oracle.com
Reviewed-by: Takashi Sakamoto o-takashi@sakamocchi.jp
Thank you to fix it.
Takashi Sakamoto
v2: I truncated the last char in v1 instead of making the buffer larger
diff --git a/sound/firewire/tascam/tascam.c b/sound/firewire/tascam/tascam.c index c6747a4..79cb9e9 100644 --- a/sound/firewire/tascam/tascam.c +++ b/sound/firewire/tascam/tascam.c @@ -40,7 +40,7 @@ static int identify_model(struct snd_tscm *tscm) { struct fw_device *fw_dev = fw_parent_device(tscm->unit); const u32 *config_rom = fw_dev->config_rom;
- char model[8];
- char model[9]; unsigned int i; u8 c;
On Mon, 19 Oct 2015 13:29:27 +0200, Dan Carpenter wrote:
Let's leave space for the NUL char otherwise the static checkers complain that we go beyond the end of the array.
Fixes: 53b3ffee7885 ('ALSA: firewire-tascam: change device probing processing') Signed-off-by: Dan Carpenter dan.carpenter@oracle.com
v2: I truncated the last char in v1 instead of making the buffer larger
Applied, thanks.
Takashi
diff --git a/sound/firewire/tascam/tascam.c b/sound/firewire/tascam/tascam.c index c6747a4..79cb9e9 100644 --- a/sound/firewire/tascam/tascam.c +++ b/sound/firewire/tascam/tascam.c @@ -40,7 +40,7 @@ static int identify_model(struct snd_tscm *tscm) { struct fw_device *fw_dev = fw_parent_device(tscm->unit); const u32 *config_rom = fw_dev->config_rom;
- char model[8];
- char model[9]; unsigned int i; u8 c;
participants (3)
-
Dan Carpenter -
Takashi Iwai -
Takashi Sakamoto