re: Staging: comedi: add usb usbdux driver

[Dan Carpenter <dan.carpenter@xxxxxxxxxx>]

Hi Bernd,

I had a couple questions about the usbdux.c driver:

  1705	/* reads the 4 counters, only two are used just now */
  1706	static int usbdux_counter_read(struct comedi_device *dev,
  1707				       struct comedi_subdevice *s,
  1708				       struct comedi_insn *insn, unsigned int *data)
  1709	{
  1710		struct usbduxsub *this_usbduxsub = dev->private;
  1711		int chan = insn->chanspec;

Shouldn't this be:
		int chan = CR_CHAN(insn->chanspec);

  1712		int err;
  1713	
  1714		if (!this_usbduxsub)
  1715			return -EFAULT;
  1716	
  1717		down(&this_usbduxsub->sem);
  1718	
  1719		if (!(this_usbduxsub->probed)) {
  1720			up(&this_usbduxsub->sem);
  1721			return -ENODEV;
  1722		}
  1723	
  1724		err = send_dux_commands(this_usbduxsub, READCOUNTERCOMMAND);
  1725		if (err < 0) {
  1726			up(&this_usbduxsub->sem);
  1727			return err;
  1728		}
  1729	
  1730		err = receive_dux_commands(this_usbduxsub, READCOUNTERCOMMAND);
  1731		if (err < 0) {
  1732			up(&this_usbduxsub->sem);
  1733			return err;
  1734		}
  1735	
  1736		data[0] = le16_to_cpu(this_usbduxsub->insnBuffer[chan + 1]);
                                                                 ^^^^^^^^
Where does the "+ 1" come from?  Couldn't this lead to an off by one
because comedi_check_chanlist() checks that "chan" is within bounds
but not "chan + 1".

  1737		up(&this_usbduxsub->sem);
  1738		return 1;
  1739	}

regards,
dan carpenter

_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/devel