<quote sender="[email protected]">
> On Thu, 16 Mar 2006 09:19:11 +0800, Eugene Teo said:
> > dev is missing a negative bound check.
> >
> > Signed-off-by: Eugene Teo <[email protected]>
[snipped]
> static void seq_sysex_message(unsigned char *event_rec)
> {
> int dev = event_rec[1];
> int i, l = 0;
> unsigned char *buf = &event_rec[2];
>
> if ((int) dev > max_synthdev)
> return;
[snipped]
> that 'int dev' came out of an 'unsigned char *' - as such, I doubt you
> can get a negative value. If anything, it should be 'unsigned int dev'.
Yes, thanks for pointing it out.
--
'int dev' came out of an 'unsigned char *' - as such, it will not get
a negative value. Thanks Valdis.
Signed-off-by: Eugene Teo <[email protected]>
--- linux-2.6/sound/oss/sequencer.c~ 2006-03-15 10:05:45.000000000 +0800
+++ linux-2.6/sound/oss/sequencer.c 2006-03-16 11:15:31.000000000 +0800
@@ -709,7 +709,7 @@
static void seq_sysex_message(unsigned char *event_rec)
{
- int dev = event_rec[1];
+ unsigned int dev = event_rec[1];
int i, l = 0;
unsigned char *buf = &event_rec[2];
--
1024D/A6D12F80 print D51D 2633 8DAC 04DB 7265 9BB8 5883 6DAA A6D1 2F80
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]