While strolling trough the sermouse driver for some example code, I
noticed 2 strange things happening there :
* In the sermouse_connect function an input device structure is
allocated (input_allocate_device), which is not deallocated
in the sermouse_disconnect function.
If I understand this correctly someone repeatedly connecting and
disconnecting the mouse would leak input_dev structures.
* In the sermouse_connect function the phys member of the sermouse
structure (32 characters) is initialised with :
sprintf(sermouse->phys, "%s/input0", serio->phys);
Because serio->phys is also a 32 character field the sprintf could
result in 39 characters being written to the sermouse->phys.
If my understanding of both these concepts is correct, this is a patch
to fix the problems.
Signed-off-by: Wouter Paesen <[email protected]>
--- a/drivers/input/mouse/sermouse.c 2006-06-15 08:47:47.000000000 +0200
+++ b/drivers/input/mouse/sermouse.c 2006-06-15 08:52:13.000000000 +0200
@@ -53,7 +53,7 @@
unsigned char count;
unsigned char type;
unsigned long last;
- char phys[32];
+ char phys[39];
};
/*
@@ -233,6 +233,7 @@
serio_close(serio);
serio_set_drvdata(serio, NULL);
input_unregister_device(sermouse->dev);
+ input_free_device(sermouse->dev);
kfree(sermouse);
}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
