[haiku-development] Re: [Haiku-commits] r21410 - in haiku/trunk: headers/private/graphics/vmware src/add-ons/accelerants/vmware src/add-ons/kernel/drivers/graphics/vmware

On 14/06/07, Marcus Overhagen <marcusoverhagen@xxxxxxxx> wrote:

jackburton wrote:

>  SET_INDEXED_COLORS(uint count, uint8 first, uint8 *color_data, uint32
> flags)
>  {
Please check for invalid parameters that would cause memory corruption:
        if (count > 256 || (count + first) > 256)
                return B_BAD_VALUE;


> +             case VMWARE_SET_PALETTE:
> +             {
> +                     uint8 *color = (uint8 *)buf;

you should use user_memcpy() here (and all other places that copy from user 
pointers)

regards
Marcus



Viel oder wenig? Schnell oder langsam? Unbegrenzt surfen + telefonieren
ohne Zeit- und Volumenbegrenzung? DAS TOP ANGEBOT JETZT bei Arcor: günstig
und schnell mit DSL - das All-Inclusive-Paket für clevere Doppel-Sparer,
nur  39,85 €  inkl. DSL- und ISDN-Grundgebühr!
http://www.arcor.de/rd/emf-dsl-2




Not that the above driver is my area, but is there a user_memcpy?
Don't you need to use a dirty hack where you get the area_id, get the
offset from the start of the area in user space, and pass the area_id,
and offset from accelerant to the kernel???  I seem to remember about
some USB issue where this was required.  I've implemented it for a
Radeon media-addon issue (not commited).  User-memcpy would be nice.
Or is the hack method required for R5 compatibility?

Euan

Other related posts: