[PATCH] staging: comedi: usbdux: bug fix for accessing 'ao_chanlist' in private data

Bernd Porr mail at berndporr.me.uk
Mon Mar 31 14:57:20 UTC 2014


Indeed! That had been unnoticed for about 8 years! Well done Harley.

/Bernd

Ian Abbott wrote:
> [Sorry for the repeated email.  One of the addresses I was replying to 
> was corrupted.]
> 
> On 2014-03-28 16:20, H Hartley Sweeten wrote:
>> In usbdux_ao_cmd(), the channels for the command are transfered from the
>> cmd->chanlist and stored in the private data 'ao_chanlist'. The channel
>> numbers are bit-shifted when stored so that they become the "command"
>> that is transfered to the device. The channel to command conversion
>> results in the 'ao_chanlist' having these values for the channels:
>>
>>    channel 0 -> ao_chanlist = 0x00
>>    channel 1 -> ao_chanlist = 0x40
>>    channel 2 -> ao_chanlist = 0x80
>>    channel 3 -> ao_chanlist = 0xc0
>>
>> The problem is, the usbduxsub_ao_isoc_irq() function uses the 'chan' 
>> value
>> from 'ao_chanlist' to access the 'ao_readback' array in the private data.
>> So instead of accessing the array as 0, 1, 2, 3, it accesses it as 0x00,
>> 0x40, 0x80, 0xc0.
>>
>> Fix this by storing the raw channel number in 'ao_chanlist' and doing the
>> bit-shift when creating the command.
>>
>> Signed-off-by: H Hartley Sweeten <hsweeten at visionengravers.com>
>> Cc: Ian Abbott <abbotti at mev.co.uk>
>> Cc: Bernd Porr <mail at berndporr.me.uk>
>> Cc: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
> 
> Nice catch!  Another one to add to my list of stable kernel comedi bugs 
> that need fixing.
> 
> Reviewed-by: Ian Abbott <abbotti at mev.co.uk>
> 

-- 
http://www.berndporr.me.uk
http://www.linux-usb-daq.co.uk
http://www.imdb.com/name/nm3293421/
+44 (0)7840 340069


More information about the devel mailing list