[PATCH] staging: comedi: usbdux: bug fix for accessing 'ao_chanlist' in private data
Bernd Porr
mail at berndporr.me.uk
Mon Mar 31 14:57:20 UTC 2014
Indeed! That had been unnoticed for about 8 years! Well done Harley.
/Bernd
Ian Abbott wrote:
> [Sorry for the repeated email. One of the addresses I was replying to
> was corrupted.]
>
> On 2014-03-28 16:20, H Hartley Sweeten wrote:
>> In usbdux_ao_cmd(), the channels for the command are transfered from the
>> cmd->chanlist and stored in the private data 'ao_chanlist'. The channel
>> numbers are bit-shifted when stored so that they become the "command"
>> that is transfered to the device. The channel to command conversion
>> results in the 'ao_chanlist' having these values for the channels:
>>
>> channel 0 -> ao_chanlist = 0x00
>> channel 1 -> ao_chanlist = 0x40
>> channel 2 -> ao_chanlist = 0x80
>> channel 3 -> ao_chanlist = 0xc0
>>
>> The problem is, the usbduxsub_ao_isoc_irq() function uses the 'chan'
>> value
>> from 'ao_chanlist' to access the 'ao_readback' array in the private data.
>> So instead of accessing the array as 0, 1, 2, 3, it accesses it as 0x00,
>> 0x40, 0x80, 0xc0.
>>
>> Fix this by storing the raw channel number in 'ao_chanlist' and doing the
>> bit-shift when creating the command.
>>
>> Signed-off-by: H Hartley Sweeten <hsweeten at visionengravers.com>
>> Cc: Ian Abbott <abbotti at mev.co.uk>
>> Cc: Bernd Porr <mail at berndporr.me.uk>
>> Cc: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
>
> Nice catch! Another one to add to my list of stable kernel comedi bugs
> that need fixing.
>
> Reviewed-by: Ian Abbott <abbotti at mev.co.uk>
>
--
http://www.berndporr.me.uk
http://www.linux-usb-daq.co.uk
http://www.imdb.com/name/nm3293421/
+44 (0)7840 340069
More information about the devel
mailing list