[PATCH -next] [media] go7007: fix invalid use of sizeof in go7007_usb_i2c_master_xfer()
Hans Verkuil
hverkuil at xs4all.nl
Tue Mar 26 08:18:36 UTC 2013
On Tue March 26 2013 08:35:57 Dan Carpenter wrote:
> On Tue, Mar 26, 2013 at 10:04:15AM +0300, Dan Carpenter wrote:
> > On Tue, Mar 26, 2013 at 02:42:47PM +0800, Wei Yongjun wrote:
> > > From: Wei Yongjun <yongjun_wei at trendmicro.com.cn>
> > >
> > > sizeof() when applied to a pointer typed expression gives the
> > > size of the pointer, not that of the pointed data.
> > >
> >
> > This fix isn't right. "buf" is a char pointer. I don't know what
> > this code is doing. Instead of sizeof(*buf) it should be something
> > like "buflen", "msg[i].len", "msg[i].len + 1" or "msg[i].len + 3".
>
> It should be "msg[i].len + 1", I think.
Yes, that's correct.
'buf' used to be a local array, so the memset was fine. I changed it to an
array that was kmalloc()ed but forgot about the memset. I never noticed
the bug because the sizeof the message is typically quite small, certainly
smaller than sizeof(pointer) on a 64-bit system.
Wei Yongjun, can you post a new patch fixing this?
Thanks,
Hans
>
> On the line before it writes buflen bytes to the hardware. Then
> it clears the transfer buffer and reads "msg[i].len + 1" bytes from
> the hardware. Then it saves the memory, except for the first byte,
> in msg[i].buf.
>
> So it should clear "msg[i].len + 1" bytes so that the old data isn't
> confused with the data that we read from the hardware.
>
> regards,
> dan carpenter
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-media" in
> the body of a message to majordomo at vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
More information about the devel
mailing list