[PATCH] sound/isa : check __copy_to_user in sscape_upload_bootblock()
From: Jesper Juhl
Date: Sun Nov 28 2004 - 16:27:01 EST
__copy_to_user() is called without checking its return value in
sound/isa/sscape.c::sscape_upload_bootblock .
Signed-off-by: Jesper Juhl <juhl-lkml@xxxxxx>
diff -p -U 5 linux-2.6.10-rc2-bk11-orig/sound/isa/sscape.c linux-2.6.10-rc2-bk11/sound/isa/sscape.c
--- linux-2.6.10-rc2-bk11-orig/sound/isa/sscape.c 2004-11-17 01:20:39.000000000 +0100
+++ linux-2.6.10-rc2-bk11/sound/isa/sscape.c 2004-11-28 22:24:14.000000000 +0100
@@ -570,11 +570,12 @@ static int sscape_upload_bootblock(struc
if (ret == 0) {
if (data < 0) {
snd_printk(KERN_ERR "sscape: timeout reading firmware version\n");
ret = -EAGAIN;
} else {
- __copy_to_user(&bb->version, &data, sizeof(bb->version));
+ if (__copy_to_user(&bb->version, &data, sizeof(bb->version)))
+ ret = -EFAULT;
}
}
return ret;
}
--
Jesper Juhl
PS. Please CC me on replies from alsa-devel
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/