On 03/18/2015 10:29 AM, Octavian Purdila wrote:
On Wed, Mar 18, 2015 at 11:19 AM, Lars-Peter Clausen <lars@xxxxxxxxxx> wrote:
+static ssize_t iio_buffer_store_watermark(struct device *dev,
+ struct device_attribute *attr,
+ const char *buf,
+ size_t len)
+{
+ struct iio_dev *indio_dev = dev_to_iio_dev(dev);
+ struct iio_buffer *buffer = indio_dev->buffer;
+ unsigned int val;
+ int ret;
+
+ ret = kstrtouint(buf, 10, &val);
+ if (ret)
+ return ret;
+ if (!val)
+ return -EINVAL;
+
+ mutex_lock(&indio_dev->mlock);
+
+ if (val > buffer->length) {
+ ret = -EINVAL;
+ goto out;
+ }
This is missing the check for val == 0.
Unless I misunderstand you, the check is done right after kstrtouint()
before taking the lock.
Yep, sorry overlooked that.
--
To unsubscribe from this list: send the line "unsubscribe linux-iio" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
