Update of /cvsroot/blob/blob/src/lib
In directory usw-pr-cvs1:/tmp/cvs-serv13087
Modified Files:
cf.c
Log Message:
- BUGFIX: cf_io_read(): read too much, buffer overrun :(
Index: cf.c
===================================================================
RCS file: /cvsroot/blob/blob/src/lib/cf.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- cf.c 3 May 2002 10:04:23 -0000 1.1
+++ cf.c 3 May 2002 16:02:22 -0000 1.2
@@ -43,7 +43,10 @@
/**********************************************************************
* defines
*/
-#define CF_DEBUG 0
+#define CF_DEBUG 1
+
+/* define this to activate module test cmd */
+#define CF_TEST_MODULE 1
#if CF_DEBUG
# define DBG( x, args... ) if ( cf_dbg>x ) printf( args );
@@ -192,19 +195,18 @@
cf_dbg_set( 0 );
/* init default cf drv */
- ret = cf_io_init( &cf_def_io, cf_slot );
+ ret = cf_io_init( &cf_def_io );
if ( ret ) return;
ret = io_register( &cf_def_io, "CF" );
if ( ret ) return;
}
-__initlist(cf_default_io_init, INIT_LEVEL_OTHER_STUFF + 2);
+//__initlist(cf_default_io_init, INIT_LEVEL_OTHER_STUFF + 2);
-int cf_io_init( io_driver_t *io, int slot )
+int cf_io_init( io_driver_t *io )
{
- DBG( 5, "%s: io=%p, slot=%p\n", __FUNCTION__,
- io, slot );
+ DBG( 5, "%s: io=%p\n", __FUNCTION__, io );
io->conf = cf_io_conf;
io->read = cf_io_read;
@@ -222,10 +224,14 @@
int cf_io_conf( io_driver_t *io, void *conf )
{
+ DBG( 5, "%s: io=%p, conf=%p\n", __FUNCTION__,
+ io, conf );
+
if ( !io || !conf )
return -EINVAL;
cf_slot = (int)conf;
+ DBG( 5, "%s: cf_slot=%d\n", __FUNCTION__, cf_slot );
io->private_data = (void *)cf_slot;
@@ -253,7 +259,7 @@
__FUNCTION__, start_block, start_off, src, dest, amount );
block = start_block;
- while ( amount ) {
+ while ( amount > 0 ) {
/* read block into buffer */
ret = hd_read_mapped( &drive, block, buffer );
if ( ret != 0 )
@@ -265,6 +271,11 @@
to_copy = IDE_BLOCK_SIZE;
}
+
+ if ( amount < to_copy ) {
+ to_copy = amount;
+ }
+
DBG( 15, "%s: block=%d, to_copy=%d, amount=%d\n",
__FUNCTION__, block, to_copy, amount );
@@ -287,3 +298,47 @@
{
return -EINVAL;
}
+
+
+/**********************************************************************
+ * Module test
+ */
+#if defined(CF_TEST_MODULE)
+int cf_test_module( int argc, char *argv[] )
+{
+ int ret;
+ static io_driver_t cf_def_io;
+ char buffer[1024];
+
+ /* this is a debug command. be verbose. */
+ cf_dbg_set( 100 );
+
+ /* init default cf drv */
+ ret = cf_io_init( &cf_def_io );
+ if ( ret ) {
+ DBG( 1, "%s: cf_io_init: %d\n", __FUNCTION__, ret );
+ return ret;
+ }
+
+ ret = io_register( &cf_def_io, "CF" );
+ if ( ret ) {
+ DBG( 1, "%s: cf_io_register: %d\n", __FUNCTION__, ret );
+ return ret;
+ }
+
+ ret = io_configure( &cf_def_io, (void *)1 );
+ if ( ret ) {
+ DBG( 1, "%s: cf_io_configure: %d\n", __FUNCTION__, ret );
+ return ret;
+ }
+
+ ret = io_read( buffer, 256, 512, &cf_def_io );
+ if ( ret ) {
+ DBG( 1, "%s: io_read: %d\n", __FUNCTION__, ret );
+ return ret;
+ }
+
+ return 0;
+}
+char cf_help[] = "cf test function\n";
+#endif
|
