[haiku-commits] r42088 - haiku/trunk/src/add-ons/kernel/drivers/ports/usb_serial

  • From: mmlr@xxxxxxxx
  • To: haiku-commits@xxxxxxxxxxxxx
  • Date: Fri, 10 Jun 2011 19:20:27 +0200 (CEST)

Author: mmlr
Date: 2011-06-10 19:20:27 +0200 (Fri, 10 Jun 2011)
New Revision: 42088
Changeset: https://dev.haiku-os.org/changeset/42088

Modified:
   haiku/trunk/src/add-ons/kernel/drivers/ports/usb_serial/FTDI.cpp
   haiku/trunk/src/add-ons/kernel/drivers/ports/usb_serial/KLSI.cpp
Log:
Apply limits to the transfer lengths. At least in the case where a one byte FTDI
header is used that only has 6 bits of length info this would've previously
potentially overflowed depending on the input size.


Modified: haiku/trunk/src/add-ons/kernel/drivers/ports/usb_serial/FTDI.cpp
===================================================================
--- haiku/trunk/src/add-ons/kernel/drivers/ports/usb_serial/FTDI.cpp    
2011-06-10 17:18:06 UTC (rev 42087)
+++ haiku/trunk/src/add-ons/kernel/drivers/ports/usb_serial/FTDI.cpp    
2011-06-10 17:20:27 UTC (rev 42088)
@@ -225,9 +225,12 @@
 void
 FTDIDevice::OnWrite(const char *buffer, size_t *numBytes, size_t *packetBytes)
 {
+       if (*numBytes > FTDI_BUFFER_SIZE)
+               *numBytes = *packetBytes = FTDI_BUFFER_SIZE;
+
        char *writeBuffer = WriteBuffer();
        if (fHeaderLength > 0) {
-               if (*numBytes >= WriteBufferSize() - fHeaderLength)
+               if (*numBytes > WriteBufferSize() - fHeaderLength)
                        *numBytes = *packetBytes = WriteBufferSize() - 
fHeaderLength;
 
                *writeBuffer = FTDI_OUT_TAG(*numBytes, FTDI_PIT_DEFAULT);

Modified: haiku/trunk/src/add-ons/kernel/drivers/ports/usb_serial/KLSI.cpp
===================================================================
--- haiku/trunk/src/add-ons/kernel/drivers/ports/usb_serial/KLSI.cpp    
2011-06-10 17:18:06 UTC (rev 42087)
+++ haiku/trunk/src/add-ons/kernel/drivers/ports/usb_serial/KLSI.cpp    
2011-06-10 17:20:27 UTC (rev 42088)
@@ -149,7 +149,10 @@
 void
 KLSIDevice::OnWrite(const char *buffer, size_t *numBytes, size_t *packetBytes)
 {
-       if (*numBytes >= WriteBufferSize() - 2)
+       if (*numBytes > KLSI_BUFFER_SIZE)
+               *numBytes = *packetBytes = KLSI_BUFFER_SIZE;
+
+       if (*numBytes > WriteBufferSize() - 2)
                *numBytes = *packetBytes = WriteBufferSize() - 2;
 
        char *writeBuffer = WriteBuffer();

Other related posts:

  • » [haiku-commits] r42088 - haiku/trunk/src/add-ons/kernel/drivers/ports/usb_serial - mmlr
  1. Home
  2. haiku-commits
  3. Archive
  4. 06-2011