On Sun, Dec 23, 2012 at 4:11 PM, Arik Nemtsov <arik@xxxxxxxxxx> wrote:
> On Sun, Dec 23, 2012 at 2:07 PM, <chen.ganir@xxxxxx> wrote:
>> From: Chen Ganir <chen.ganir@xxxxxx>
>>
>> Texas Instruments controllers can be configured to send the
>> internal firmware log through a vendor specific HCI event on
>> the hci transport.
>> This patch allows capturing those log events, and writing them
>> to a file, which can then be used with the latest TI Logger
>> application to read and show the logs.
>>
>> This is usefull in case there is no other way to get the TI log
>> (for example, the lack of a connection to the controller Log TX
>> hardware line).
> [...]
>> @@ -300,7 +308,24 @@ static int process_frames(int dev, int sock, int fd, unsigned long flags)
> [...]
>> + char out[2];
>> + int i;
>> +
>> + for(i = 0;i < tp->size-2;i++) {
>> + sprintf(out,"%02X",tp->data[i]);
>> + if (write_n(fd, out, 2) < 0) {
>
> Seems to me this can overflow when tp->size - 2 > sizeof(out) ?
I'm sorry. I misread the code - but there's still an off-by-one here,
since 3 bytes are written to out (the null terminator).
Arik
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
