iio_utils.h bug?

[Zubair Lutfullah :]

Hi,

A guy posted this fix on my blog. I couldn't make sense of it.

Thought I'd post it here. I'll send a proper patch file if 
I knew what commit log I needed to write.
And I can't exactly sign-off :s.

I asked him to post but he couldn't/wouldn't.

Regards
ZubairLK


"Defend against buffer overflow of ci_array:

 code always overwrites one entry beyond end of array, now fixed
--Craig Markwardt"

iio_utils.h

@@ -335,6 +335,7 @@ inline int build_channel_array(const char *device_dir,
   while (ent = readdir(dp), ent != NULL) {
     if (strcmp(ent->d_name + strlen(ent->d_name) - strlen("_en"),
          "_en") == 0) {
+      int current_enabled = 0;
       current = &(*ci_array)[count++];
       ret = asprintf(&filename,
                "%s/%s", scan_el_dir, ent->d_name);
       if (ret < 0) {
         ret = -ENOMEM;
         /* decrement count to avoid freeing name */
         count--;
         goto error_cleanup_array;
       }

       sysfsfp = fopen(filename, "r");

       if (sysfsfp == NULL) {
         free(filename);
         ret = -errno;
         goto error_cleanup_array;
       }

-      fscanf(sysfsfp, "%u", &current->enabled);
+      fscanf(sysfsfp, "%u", &current_enabled);
       fclose(sysfsfp);

-      if (!current->enabled) {
+      if (!current_enabled) {
         free(filename);
         count--;
         continue;
       }
+      current->enabled = current_enabled;
       current->scale = 1.0;
       current->offset = 0;
       current->name = strndup(ent->d_name,
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/