On 12.07.2011 07:52, Carl-Daniel Hailfinger wrote:
> Hi Greg,
>
> it seems this segfault bugfix was not merged in usbutils-003. Is there
> anything I can do to get this merged?
>

I forgot to mention that this patch was also sent in a separate mail
with subject
[PATCH] Fix lsusb out-of-bounds write

Regards,
Carl-Daniel

> Regards,
> Carl-Daniel
>
> On 25.05.2011 01:06, Carl-Daniel Hailfinger wrote:
>
>> On 25.05.2011 00:18, Greg KH wrote:
>>
>>> On Wed, May 25, 2011 at 12:02:48AM +0200, Carl-Daniel Hailfinger wrote:
>>>
>>>
>>>> Hi,
>>>>
>>>> I was playing with the "authorized" attribute of USB devices in
>>>> sysfs. If I have at least one device with authorized=0, one or more
>>>> lsusb bugs are triggered.
>>>>
>>>> "lsusb" will print nothing (really nothing, not even the host
>>>> controllers)
>>>>
>>>> "lsusb -t" will segfault.
>>>> gdb output follows.
>>>> Core was generated by `lsusb -t'.
>>>> Program terminated with signal 11, Segmentation fault.
>>>> #0 read_sysfs_file_string (d_name=<value optimized out>,
>>>> file=<value optimized out>, buf=0x180fd10 "", len=-1) at lsusb-t.c:246
>>>> 246 if (buf[r] == '\n')
>>>> (gdb) bt
>>>> #0 read_sysfs_file_string (d_name=<value optimized out>,
>>>> file=<value optimized out>, buf=0x180fd10 "", len=-1) at lsusb-t.c:246
>>>> #1 0x000000000040b134 in add_usb_device (d_name=0x180764b "2-3") at
>>>> lsusb-t.c:380
>>>> #2 0x000000000040b6d8 in inspect_bus_entry () at lsusb-t.c:462
>>>> #3 walk_usb_devices () at lsusb-t.c:471
>>>> #4 lsusb_t () at lsusb-t.c:701
>>>> #5 0x0000000000401c7d in treedump () at lsusb.c:3925
>>>> #6 0x000000000040a26c in main (argc=2, argv=0x7fff461f5128) at
>>>> lsusb.c:4052
>>>>
>>>> This is usbutils-002 on openSUSE 11.3, vanilla kernel 2.6.39, x86_64.
>>>>
>>>> Same problem exists with usbutils-0.84 on that machine.
>>>>
>>>> Any hints would be appreciated. I'd send lsusb output, but it is
>>>> empty for the case where the bug is triggered.
>>>>
>>>>
>>> Well, if the device can't be accessed, as you disabled it through the
>>> authorised=0 setting, lsusb shouldn't really be able to do much with it.
>>>
>>>
>> "lsusb" (without -v) should be able to list it with vendor:device ID
>> and bus location. That info is available from sysfs even for devices
>> with authorized=0. To test that, I just wrote a shell script which
>> provides the same output as lsusb, and it works fine regardless of the
>> authorized=[01] status of any device.
>>
>>
>>
>>
>>> But it shouldn't crash. I'll look at that next week when I get a
>>> chance, thanks for the bug report.
>>>
>>>
>> Found the crasher bug. Patch follows (whitespace-damaged, I can resend
>> once I have access to a proper mailer again).
>>
>>
>> If read_sysfs_file_string() encounters a zero-length file, it will
>> write '\0' at index -1 of the provided buffer. Handle zero-length
>> files gracefully by falling through to the error handler which does
>> the right thing (tm).
>>
>> Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@xxxxxxx>
>>
>> diff --git a/lsusb-t.c b/lsusb-t.c >> index 8bcdbf1..5438704 100644 >> --- a/lsusb-t.c >> +++ b/lsusb-t.c >> @@ -235,7 +235,7 @@ static void read_sysfs_file_string(const char >> *d_name, const char *file, char *b >> goto error; >> r = read(fd, buf, len); >> close(fd); >> - if (r >= 0&& r < len) { >> + if (r > 0&& r < len) { >> buf[r] = '\0'; >> r--; >> while (buf[r] == '\n') {
>>
>>
>>
>
>

--
http://www.hailfinger.org/
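
Review bot: the trailing context line "while (buf[r] == '\n') {" still has no lower bound on r. With the new "r > 0" test, r is 0 after "r--;" for a one-byte file, so if the loop body (not visible in this hunk) decrements r for each stripped newline, a file containing only newline characters would move r to -1 and read outside the buffer, the same class of out-of-bounds access this patch fixes for the zero-length case. Consider bounding the loop, e.g. "while (r >= 0 && buf[r] == '\n')". Separately, the changed condition "r > 0&& r < len" is missing the space before "&&"; the resend from a proper mailer should restore it.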