On Sat, Jul 7, 2018 at 10:13 AM Samuel Thibault <samuel.thibault@xxxxxxxxxxxx> wrote: > > Jann Horn, le sam. 07 juil. 2018 03:53:44 +0200, a ecrit: > > @@ -257,6 +257,8 @@ static ssize_t softsynthx_read(struct file *fp, char __user *buf, size_t count, > > 0x80 | (ch & 0x3f) > > }; > > > > + if (chars_sent + 2 > count) > > + break; > > if (copy_to_user(cp, s, sizeof(s))) > > return -EFAULT; > > Err, but then we have lost 'ch' that was consumed by the > synth_buffer_getc() call, so the fix seems wrong to me. Oh. Whoops. So that means I'd need to first synth_buffer_peek(), then synth_buffer_get() afterwards (and discard the result that time)? But there are also no locks held at the moment the code is in there, which could cause that approach to lead to inconsistent results... do you want me to resend with synth_buffer_peek() and an additional mutex that is held throughout softsynthx_read()? Or should I rewrite the patch to be simple and just bail out on `count < 3`? _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
