CVS commit: src/sys/arch/dreamcast/dev

Fri, 27 Jul 2012 00:42:37 -0700 

Module Name:    src
Committed By:   abs
Date:           Fri Jul 27 07:42:27 UTC 2012

Modified Files:
        src/sys/arch/dreamcast/dev: gdrom.c

Log Message:
- Adjust the TOC parsing to reject an TOC with invalid (zero) track ids.
  Avoids dereferencing off the start of the TOC track array.
- Add #ifdef GDROMDEBUGTOC for dumping out the gdrom TOC values


To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/sys/arch/dreamcast/dev/gdrom.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/arch/dreamcast/dev/gdrom.c
diff -u src/sys/arch/dreamcast/dev/gdrom.c:1.34 src/sys/arch/dreamcast/dev/gdrom.c:1.35
--- src/sys/arch/dreamcast/dev/gdrom.c:1.34	Wed Sep  1 16:48:00 2010
+++ src/sys/arch/dreamcast/dev/gdrom.c	Fri Jul 27 07:42:26 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: gdrom.c,v 1.34 2010/09/01 16:48:00 tsutsui Exp $	*/
+/*	$NetBSD: gdrom.c,v 1.35 2012/07/27 07:42:26 abs Exp $	*/
 
 /*-
  * Copyright (c) 2001 Marcus Comstedt
@@ -33,7 +33,7 @@
  */
 
 #include <sys/cdefs.h>			/* RCS ID & Copyright macro defns */
-__KERNEL_RCSID(0, "$NetBSD: gdrom.c,v 1.34 2010/09/01 16:48:00 tsutsui Exp $");
+__KERNEL_RCSID(0, "$NetBSD: gdrom.c,v 1.35 2012/07/27 07:42:26 abs Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -586,15 +586,35 @@ gdromioctl(dev_t dev, u_long cmd, void *
 
 		if (error != 0)
 			return error;
-
+#ifdef GDROMDEBUGTOC 
+		{ /* Dump the GDROM TOC */
+		unsigned char *ptr = (unsigned char *)&toc;
+		int i;
+
+		printf("gdrom: TOC\n");
+		for(i = 0; i < sizeof(toc); ++i) {
+			printf("%02x", *ptr++);
+			if( i%32 == 31)
+				printf("\n");
+			else if( i%4 == 3)
+				printf(",");
+		}
+		printf("\n");
+		}
+#endif
 		for (track = TOC_TRACK(toc.last);
 		    track >= TOC_TRACK(toc.first);
-		    --track)
+		    --track) {
+			if (track < 1 || track > 100)
+				return ENXIO;
 			if (TOC_CTRL(toc.entry[track - 1]))
 				break;
+		}
 
-		if (track < TOC_TRACK(toc.first) || track > 100)
-			return ENXIO;
+#ifdef GDROMDEBUGTOC 
+		printf("gdrom: Using track %d, LBA %u\n", track,
+		    TOC_LBA(toc.entry[track - 1]));
+#endif
 
 		*(int *)addr = htonl(TOC_LBA(toc.entry[track - 1])) -
 		    sc->openpart_start;

Reply via email to