[haiku-bugs] Re: [Haiku] #5118: Haiku panics on HDA sound card
- From: "bonefish" <trac@xxxxxxxxxxxx>
- Date: Sun, 13 Dec 2009 21:01:12 -0000
#5118: Haiku panics on HDA sound card
---------------------------+------------------------------------------------
Reporter: flaggy | Owner: nobody
Type: bug | Status: new
Priority: normal | Milestone: Unscheduled
Component: Audio & Video | Version: R1/Development
Keywords: | Blockedby:
Platform: x86 | Blocking:
---------------------------+------------------------------------------------
Comment(by bonefish):
@stippi: You must be looking at the wrong ioctl. The one that crashes is
8033 (B_MULTI_LIST_MIX_CONTROLS), i.e. list_mix_controls() or any of the
inlined functions it calls. What definitely isn't good is that
list_mix_controls() accesses the userland buffer it is passed unchecked
(all code in that file does :-/). But that wouldn't cause the crash in
strcpy(), since that doesn't use the userland buffer. It would help to
build the driver with debugging enabled, so that the stack trace gets a
bit more detailed.
Regarding the multi_description::channels issue you see, I don't.
B_MULTI_GET_DESCRIPTION seems to be one of the few places that actually
uses user_memcpy() to access user memory. Though it doesn't check whether
the pointers are userland addresses in the first place, but other than
that it looks OK to me.
--
Ticket URL: <http://dev.haiku-os.org/ticket/5118#comment:3>
Haiku <http://dev.haiku-os.org>
Haiku - the operating system.
Other related posts:
