On Mon, Feb 06, 2017 at 04:09:18PM +0000, David Laight wrote: > From: Ben Hutchings [...] > > + ret = usb_control_msg(dev->udev, usb_rcvctrlpipe(dev->udev, 0), > > + RTL8150_REQ_GET_REGS, RTL8150_REQT_READ, > > + indx, 0, buf, size, 500); > > + if (ret > 0 && ret <= size) > > + memcpy(data, buf, ret); > > If ret > size something is horridly wrong. > Silently not updating the callers buffer at all cannot be right. Yes, it seems strange to check this. I originally wrote this as ret > 0, but then I checked the usbnet core and found __usbnet_read_cmd() has the second comparison as well. > > + kfree(buf); > > + return ret; > > I can't help feeling that it would be better to add a wrapper to > usb_control_msg() that does the kmalloc() and memcpy()s and > drop that into all the call sites. It might be. Right now I'm trying to patch up a bunch of regressions rather than argue over an API change. Ben. -- Ben Hutchings Experience is what causes a person to make new mistakes instead of old ones.
Attachment:
signature.asc
Description: Digital signature