On Mon, Jul 17, 2017 at 06:22:08PM -0700, Joe Perches wrote:
> read_bitstream takes an int rdsize, not a u16.
> and this function will overflow tbuf if len > 64
>
> static void readinfo_bitstream(char *bitdata, char *buf, int *offset)
> {
> 	char tbuf[64];
> 	s32 len;
>
> 	/* read section char */
> 	read_bitstream(bitdata, tbuf, offset, 1);
>
> 	/* read length */
> 	read_bitstream(bitdata, tbuf, offset, 2);
>
> 	len = tbuf[0] << 8 | tbuf[1];
>
> 	read_bitstream(bitdata, buf, offset, len);
> 	buf[len] = '\0';
> }
>
> len is up to 64k but tbuf is 64 bytes.

tbuf is used here to read a total of 3 bytes over two calls to
read_bitstream. The larger read of size, len, is stored to buf which is
MAX_STR bytes in length.

> len = get_unaligned_le16(tbuf)
>
> might be nicer than
>
> len = tbuf[0] << 8 | tbuf[1];

Agreed, though it should be "get_unaligned_be16". Thanks.

Regards,
Jacob von Chorus
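The length handling discussed in this thread, as an added userspace example that is not code from the thread or from the driver: it decodes the 16-bit big-endian length from unsigned bytes and rejects a length that does not fit the destination before copying. The names `read_info_bounded`, `be16_at` and `len_signed_char`, the flat byte-array input, and the value 256 for `MAX_STR` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_STR 256 /* assumed size; the thread only names the constant */

/* Constructed sample records: section char, big-endian length, payload. */
static const unsigned char sample_ok[] = { 'a', 0x00, 0x04, 't', 'e', 's', 't' };
static const unsigned char sample_big[] = { 'b', 0xff, 0xff, 'x' };

/* Userspace stand-in for the kernel's get_unaligned_be16(). */
static uint16_t be16_at(const unsigned char *p)
{
	return (uint16_t)((p[0] << 8) | p[1]);
}

/*
 * The thread's expression on signed char: a low byte >= 0x80 sign-extends.
 * Only call with t[0] >= 0; left-shifting a negative value is undefined.
 */
static int32_t len_signed_char(const signed char *t)
{
	return t[0] << 8 | t[1];
}

/*
 * Hypothetical bounded reader. Returns the string length, or -1 when the
 * record does not fit in src or in dst (NUL terminator included).
 * *offset is advanced only on success.
 */
static int read_info_bounded(const unsigned char *src, size_t src_len,
			     size_t *offset, char *dst, size_t dst_size)
{
	size_t off = *offset;
	uint16_t len;

	if (src_len < off || src_len - off < 3)
		return -1;
	len = be16_at(src + off + 1);	/* skip the section char */
	off += 3;
	if (len >= dst_size || len > src_len - off)
		return -1;
	memcpy(dst, src + off, len);
	dst[len] = '\0';
	*offset = off + len;
	return len;
}
```
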