Re: Fix sequencer missing negative bound check

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



<quote sender="[email protected]">
> On Thu, 16 Mar 2006 09:19:11 +0800, Eugene Teo said:
> > dev is missing a negative bound check.
> > 
> > Signed-off-by: Eugene Teo <[email protected]>
[snipped]
> static void seq_sysex_message(unsigned char *event_rec)
> {
>         int dev = event_rec[1];
>         int i, l = 0;
>         unsigned char  *buf = &event_rec[2];
> 
>         if ((int) dev > max_synthdev)
>                 return;
[snipped]
> that 'int dev' came out of an 'unsigned char *' - as such, I doubt you
> can get a negative value.  If anything, it should be 'unsigned int dev'.

Yes, thanks for pointing it out.

--
'int dev' came out of an 'unsigned char *' - as such, it will not get
a negative value. Thanks Valdis.

Signed-off-by: Eugene Teo <[email protected]>

--- linux-2.6/sound/oss/sequencer.c~	2006-03-15 10:05:45.000000000 +0800
+++ linux-2.6/sound/oss/sequencer.c	2006-03-16 11:15:31.000000000 +0800
@@ -709,7 +709,7 @@
 
 static void seq_sysex_message(unsigned char *event_rec)
 {
-	int dev = event_rec[1];
+	unsigned int dev = event_rec[1];
 	int i, l = 0;
 	unsigned char  *buf = &event_rec[2];
 
-- 
1024D/A6D12F80 print D51D 2633 8DAC 04DB 7265  9BB8 5883 6DAA A6D1 2F80
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux