On 07/13/2014 08:17 AM, Jean Delvare wrote:
I2C block transfers can have a size up to 32 bytes. If starting close to the end of the address space, there may not be enough room to write that many bytes (on I2C block writes) or not enough bytes to be read (on I2C block reads.) In that case, we must shorten the transfer so that it does not exceed the address space. Signed-off-by: Jean Delvare <jdelvare@xxxxxxx> Cc: Guenter Roeck <linux@xxxxxxxxxxxx> Cc: Wolfram Sang <wsa@xxxxxxxxxxxxx> --- drivers/i2c/i2c-stub.c | 2 ++ 1 file changed, 2 insertions(+) --- linux-3.16-rc4.orig/drivers/i2c/i2c-stub.c 2014-07-12 11:56:30.933096483 +0200 +++ linux-3.16-rc4/drivers/i2c/i2c-stub.c 2014-07-13 17:01:02.891235856 +0200 @@ -220,6 +220,8 @@ static s32 stub_xfer(struct i2c_adapter * We ignore banks here, because banked chips don't use I2C * block transfers */ + if (data->block[0] > 256 - command) /* Avoid overrun */ + data->block[0] = 256 - command;
Hi Jean, is it safe to overwrite data->block[0], or should it be something like the following ? if (data->block[0] > 256 - command) /* Avoid overrun */ len = 256 - command; else len = data->block[0]; Also, wonder what happens in the real world if anyone does that. Would the write stop at offset 255, or would it wrap and write from 0 ? Thanks, Guenter -- To unsubscribe from this list: send the line "unsubscribe linux-i2c" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
