On Fri, 14 Dec 2012, Chen Gang wrote: > Hello Alan Stern: > > in drivers/usb/host/uhci-debug.c, for function uhci_sprint_schedule: > we are not check the len of buf (not like another static functions in this file). > the buffer len is MAX_OUTPUT: 64 * 1024 (line 491, line 517) > the buffer may not be enough: > we may loop UHCI_NUMFRAMES times (line 383..433) > UHCI_NUMFRAMES is 1024 (drivers/usb/host/uhci-hcd.h:87) > each time of loop may get more than 64 bytes (line 383..433) > it seems we have noticed len checking when call uhci_show_td (line 411) > but we not check it outside of uhci_show_td (line 400..414) > > so I suggest to add checking len when use buf (although it seems a little complex) > > I find it by code review, please help checking this suggestion, thanks. > > if this suggestion is valid: > please help sending patch. > better to mark me as Reported-by. > not need cc to me (I am not reviewer) The easiest fix is to increase MAX_OUTPUT. Can you figure out how large it needs to be? I'm not concerned with making this code absolutely 100% reliable. It is used only for debugging; in almost all kernel builds it will not be compiled. Alan Stern -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
