Hello Anders,

The dt9812 driver seems to have a problem where it uses raw
insn->chanspec instead of CR_CHAN(insn->chanspec).  You don't want
to do that because then you would have to create a separate version
of comedi_check_chanlist() to verify that raw insn->chanspec values
are within bounds.  Otherwise a bug in calling the ioctl could lead
to memory corruption.

drivers/staging/comedi/drivers/dt9812.c
945  static int dt9812_di_rinsn(struct comedi_device *dev,
946                             struct comedi_subdevice *s, struct comedi_insn *insn,
947                             unsigned int *data)
948  {
949          struct comedi_dt9812 *devpriv = dev->private;
950          int n;
951          u8 bits = 0;
952  
953          dt9812_digital_in(devpriv->slot, &bits);
954          for (n = 0; n < insn->n; n++)
955                  data[n] = ((1 << insn->chanspec) & bits) != 0;
                                      ^^^^^^^^^^^^^^
This should be something like:

        chan = CR_CHAN(insn->chanspec);
        data[n] = ((1 << chan) & bits) != 0;

956          return n;
957  }

regards,
dan carpenter
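
An added illustration of the point in the message above (not part of the original e-mail and not code from the dt9812 driver): a chanspec packs the channel together with range and reference fields, so a value whose decoded channel passes a bounds check can still be far out of range when used raw. The CR_* macros are reproduced here to mirror the bit layout in comedi.h; the `demo_*` functions and `DEMO_N_CHAN` are hypothetical, and the bounds check is a simplified stand-in.

```c
#include <stdint.h>
#include <stdio.h>

/* Chanspec bit layout, mirroring the CR_* macros in comedi.h:
 * bits 0-15 channel, bits 16-23 range, bits 24-25 analog reference. */
#define CR_PACK(chan, rng, aref) \
	((((aref) & 0x3u) << 24) | (((rng) & 0xffu) << 16) | (chan))
#define CR_CHAN(a) ((a) & 0xffffu)

#define DEMO_N_CHAN 8u /* assumption: subdevice with 8 digital inputs */

/* Simplified stand-in for the channel bounds check: decoded channel. */
int demo_chan_in_bounds(unsigned int chanspec)
{
	return CR_CHAN(chanspec) < DEMO_N_CHAN;
}

/* The same check applied to the raw value, as a driver using raw
 * insn->chanspec would need. */
int demo_raw_in_bounds(unsigned int chanspec)
{
	return chanspec < DEMO_N_CHAN;
}

/* Bit read as in the suggested fix; -1 if the channel is out of range. */
int demo_di_bit(unsigned int chanspec, uint8_t bits)
{
	unsigned int chan = CR_CHAN(chanspec);

	if (chan >= DEMO_N_CHAN)
		return -1;
	return ((1u << chan) & bits) != 0;
}

int main(void)
{
	/* Constructed sample: channel 3 with a non-zero range field. */
	unsigned int spec = CR_PACK(3u, 1u, 0u);

	printf("raw chanspec    = 0x%x (%u)\n", spec, spec);
	printf("CR_CHAN         = %u\n", CR_CHAN(spec));
	printf("decoded check   = %d\n", demo_chan_in_bounds(spec));
	printf("raw-value check = %d\n", demo_raw_in_bounds(spec));
	printf("bit 3 of 0x08   = %d\n", demo_di_bit(spec, 0x08));
	return 0;
}
```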
