Hi Greg,
it seems this segfault bugfix was not merged in usbutils-003. Is there
anything I can do to get this merged?
Regards,
Carl-Daniel
Am 25.05.2011 01:06 schrieb Carl-Daniel Hailfinger:
> Am 25.05.2011 00:18 schrieb Greg KH:
>> On Wed, May 25, 2011 at 12:02:48AM +0200, Carl-Daniel Hailfinger wrote:
>>
>>> Hi,
>>>
>>> I was playing with the "authorized" attribute of USB devices in
>>> sysfs. If I have at least one device with authorized=0, one or more
>>> lsusb bugs are triggered.
>>>
>>> "lsusb" will print nothing (really nothing, not even the host
>>> controllers)
>>>
>>> "lsusb -t" will segfault.
>>> gdb output follows.
>>> Core was generated by `lsusb -t'.
>>> Program terminated with signal 11, Segmentation fault.
>>> #0 read_sysfs_file_string (d_name=<value optimized out>,
>>> file=<value optimized out>, buf=0x180fd10 "", len=-1) at lsusb-t.c:246
>>> 246 if (buf[r] == '\n')
>>> (gdb) bt
>>> #0 read_sysfs_file_string (d_name=<value optimized out>,
>>> file=<value optimized out>, buf=0x180fd10 "", len=-1) at lsusb-t.c:246
>>> #1 0x000000000040b134 in add_usb_device (d_name=0x180764b "2-3") at
>>> lsusb-t.c:380
>>> #2 0x000000000040b6d8 in inspect_bus_entry () at lsusb-t.c:462
>>> #3 walk_usb_devices () at lsusb-t.c:471
>>> #4 lsusb_t () at lsusb-t.c:701
>>> #5 0x0000000000401c7d in treedump () at lsusb.c:3925
>>> #6 0x000000000040a26c in main (argc=2, argv=0x7fff461f5128) at
>>> lsusb.c:4052
>>>
>>> This is usbutils-002 on openSUSE 11.3, vanilla kernel 2.6.39, x86_64.
>>>
>>> Same problem exists with usbutils-0.84 on that machine.
>>>
>>> Any hints would be appreciated. I'd send lsusb output, but it is
>>> empty for the case where the bug is triggered.
>>>
>> Well, if the device can't be accessed, as you disabled it through the
>> authorised=0 setting, lsusb shouldn't really be able to do much with it.
>>
>
> "lsusb" (without -v) should be able to list it with vendor:device ID
> and bus location. That info is available from sysfs even for devices
> with authorized=0. To test that, I just wrote a shell script which
> provides the same output as lsusb, and it works fine regardless of the
> authorized=[01] status of any device.
>
>
>
>> But it shouldn't crash. I'll look at that next week when I get a
>> chance, thanks for the bug report.
>>
>
> Found the crasher bug. Patch follows (whitespace-damaged, I can resend
> once I have access to a proper mailer again).
>
>
> If read_sysfs_file_string() encounters a zero-length file, it will
> write '\0' at index -1 of the provided buffer. Handle zero-length
> files gracefully by falling through to the error handler which does
> the right thing (tm).
>
> Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@xxxxxxx>
>
> diff --git a/lsusb-t.c b/lsusb-t.c
> index 8bcdbf1..5438704 100644
> --- a/lsusb-t.c
> +++ b/lsusb-t.c
> @@ -235,7 +235,7 @@ static void read_sysfs_file_string(const char
> *d_name, const char *file, char *b
> goto error;
> r = read(fd, buf, len);
> close(fd);
> - if (r >= 0&& r < len) {
> + if (r > 0&& r < len) {
> buf[r] = '\0';
> r--;
> while (buf[r] == '\n') {
>
>
--
http://www.hailfinger.org/
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
