Re: something odd in emu10k1/emufx

From: Takashi Iwai
Date: Sat Jan 19 2008 - 04:36:55 EST

Next message: Jarek Poplawski: "Re: [PATCH 7/7] driver-core : convert semaphore to mutex in structclass"
Previous message: Harvey Harrison: "Re: [PATCH] x86: Unify printk strings in fault_32|64.c"
In reply to: Al Viro: "something odd in emu10k1/emufx"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At Sat, 19 Jan 2008 02:16:14 +0000,
Al Viro wrote:
>
> In copy_tlv() we have
> tlv = kmalloc(data[1] * 4 + sizeof(data), GFP_KERNEL);
> if (!tlv)
> return NULL;
> memcpy(tlv, data, sizeof(data));
> if (copy_from_user(tlv + 2, _tlv + 2, data[1])) {
> kfree(tlv);
> return NULL;
> }
> which looks rather odd, since either we kmalloc too much or copy too little...
> Comments?

It's the former case. The total length should be data[1] +
sizeof(data). I fixed on ALSA tree now.

Thanks,

Takashi
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jarek Poplawski: "Re: [PATCH 7/7] driver-core : convert semaphore to mutex in structclass"
Previous message: Harvey Harrison: "Re: [PATCH] x86: Unify printk strings in fault_32|64.c"
In reply to: Al Viro: "something odd in emu10k1/emufx"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]