On 25/05/05 18:05, Pete Zaitcev wrote: > On Wed, 25 May 2005 11:54:44 +0100, Ian Abbott <[EMAIL PROTECTED]> wrote: > >>>Bug inside bugfix. >> >>Please see attached patch for 2.6. It might also apply to >>2.4.31-pre2-bk4 with some fuzz, but I haven't tried it. > > >>- if (unicode_size <= 0) >>- return; >>+ if (unicode_size < 0) >>+ unicode_size = 0; >> >> for (i = 0; i < unicode_size; ++i) >> string[i] = (char)(le16_to_cpu(unicode[i])); > > > I do not like this either. What does happen when the unicode_size is > larger than 30? Someone was in a big hurry pushing "security" fix out.
I was just patching up the bung, not the whole boat. Only happens if the manufacturer descriptor is wrong. Another way to fix that would be to clip manuf_descriptor.SerNumLength to sizeof(manuf_descriptor.SerialNumber), etc. > But let's fix it properly, shall we? If you like! > Please see how the math is made more elegant. Plus, all sorts of little > bugs were removed. Notice how the last character of the manufacturer's > name was always overwritten with space. Now, it's not (unless zero). I'm just wondering what was in all those final characters that the original version stripped, but that your new version includes. Spaces or nulls or random junk following a preceding null, I guess. If the strings in manuf_descriptor aren't null terminated, the converted strings will be one character longer in your new version (but who cares - they're only going to dbg()). [patch snipped] > All this only goes to show that someone should have used usb_string() > instead of having own get_string(). > > I think I should save this little problem for interviews. > It's all about the good taste and good traditions, down to "++i". I guess "++i" is one of your "things" :-) > But most importantly, Ian, I challenge you to find a corner case which > the patch above does not process right. Apply to your tree only if > you're unable! Otherwise, send me a scenario where it fails. Looks fine, but strlen(edge_serial->name) could be up to 2 chars longer in the new version compared to the old version (assuming it doesn't hit your buflen checks). Regards, Ian. -- -=( Ian Abbott @ MEV Ltd. E-mail: <[EMAIL PROTECTED]> )=- -=( Tel: +44 (0)161 477 1898 FAX: +44 (0)161 718 3587 )=- ------------------------------------------------------- SF.Net email is sponsored by: GoToMeeting - the easiest way to collaborate online with coworkers and clients while avoiding the high cost of travel and communications. There is no equipment to buy and you can meet as often as you want. Try it free.http://ads.osdn.com/?ad_id=7402&alloc_id=16135&op=click _______________________________________________ linux-usb-devel@lists.sourceforge.net To unsubscribe, use the last form field at: https://lists.sourceforge.net/lists/listinfo/linux-usb-devel
