ad9798967d
Dmitry Vyukov wrote: > different runs). Looking at code, the following looks suspicious -- we > limit copy by 512 bytes, but use the original count which can be > larger than 512: > > static void sixpack_receive_buf(struct tty_struct *tty, > const unsigned char *cp, char *fp, int count) > { > unsigned char buf[512]; > .... > memcpy(buf, cp, count < sizeof(buf) ? count : sizeof(buf)); > .... > sixpack_decode(sp, buf, count1); With the sane tty locking we now have I believe the following is safe as we consume the bytes and move them into the decoded buffer before returning. Signed-off-by: Alan Cox <alan@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
---|---|---|
.. | ||
6pack.c | ||
baycom_epp.c | ||
baycom_par.c | ||
baycom_ser_fdx.c | ||
baycom_ser_hdx.c | ||
bpqether.c | ||
dmascc.c | ||
hdlcdrv.c | ||
Kconfig | ||
Makefile | ||
mkiss.c | ||
scc.c | ||
yam.c | ||
z8530.h |