Message-ID: <Pine.LNX.4.64.0912131613380.27767@ask.diku.dk>
Date:	Sun, 13 Dec 2009 16:21:19 +0100 (CET)
From:	Julia Lawall <julia@...u.dk>
To:	walter harms <wharms@....de>
Cc:	Liam Girdwood <lrg@...mlogic.co.uk>,
	Mark Brown <broonie@...nsource.wolfsonmicro.com>,
	Jaroslav Kysela <perex@...ex.cz>, Takashi Iwai <tiwai@...e.de>,
	alsa-devel@...a-project.org, linux-kernel@...r.kernel.org,
	kernel-janitors@...r.kernel.org
Subject: Re: [PATCH 9/9] sound/soc/codecs: Correct code taking the size of
 a pointer

On Sun, 13 Dec 2009, walter harms wrote:

> 
> 
> Julia Lawall wrote:
> > From: Julia Lawall <julia@...u.dk>
> > 
> > sizeof(codec->reg_cache) is just the size of the pointer.  Elsewhere in the
> > file, codec->reg_cache is used with sizeof(wm8900_reg_defaults), so the
> > code is changed to do the same here.
> > 
> > A simplified version of the semantic patch that finds this problem is as
> > follows: (http://coccinelle.lip6.fr/)
> > 
> > // <smpl>
> > @@
> > expression *x;
> > expression f;
> > type T;
> > @@
> > 
> > *f(...,(T)x,...)
> > // </smpl>
> > 
> > Signed-off-by: Julia Lawall <julia@...u.dk>
> > 
> > ---
> >  sound/soc/codecs/wm8900.c           |    2 +-
> >  1 files changed, 1 insertions(+), 1 deletions(-)
> > 
> > diff --git a/sound/soc/codecs/wm8900.c b/sound/soc/codecs/wm8900.c
> > index c9438dd..dbc368c 100644
> > --- a/sound/soc/codecs/wm8900.c
> > +++ b/sound/soc/codecs/wm8900.c
> > @@ -199,7 +199,7 @@ static void wm8900_reset(struct snd_soc_codec *codec)
> >  	snd_soc_write(codec, WM8900_REG_RESET, 0);
> >  
> >  	memcpy(codec->reg_cache, wm8900_reg_defaults,
> > -	       sizeof(codec->reg_cache));
> > +	       sizeof(wm8900_reg_defaults));
> >  }
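
Review bot: The memcpy() length in wm8900_reset() is now sizeof(wm8900_reg_defaults), the size of the source, while the destination is only reachable through the pointer codec->reg_cache, so nothing at this call site checks that the destination buffer is that large. The commit message relies on the same size being used elsewhere in the file; it would help to state there what codec->reg_cache points to, and to consider a compile-time check such as BUILD_BUG_ON() comparing the size of the backing array with sizeof(wm8900_reg_defaults) next to where the pointer is set. The message could also say that the old length copied only a pointer's worth of bytes, so the reset left the rest of the cache unrestored.
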
> 
> I do not think that this was the intention of the original author,
> I guess the idea behind sizeof(*codec->reg_cache) was to protect
> the area behind it (in case wm8900_reg_defaults are badly defined).

sizeof(codec->reg_cache) is the size of a pointer (void *).  
sizeof(*codec->reg_cache) is then the size of void.  wm8900_reg_defaults 
is a static constant array defined a few lines before this code:

static const u16 wm8900_reg_defaults[WM8900_MAXREG] = { ... };

Later in the same file there is:

 cache = kmemdup(codec->reg_cache, sizeof(wm8900_reg_defaults),
                       GFP_KERNEL);

and codec->reg_cache is initialized as follows:

  codec->reg_cache = &wm8900->reg_cache[0];

The reg_cache field in wm8900 is declared as u16 reg_cache[WM8900_MAXREG];

julia
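
The sizeof distinction discussed in this thread, as an added example that is not part of the original message or of the kernel source. MAXREG, reg_defaults, struct chip, struct codec and the function names are constructed stand-ins for the driver's own definitions; the program counts how many cached registers each form of the reset actually restores.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAXREG 8  /* constructed register count, not the WM8900 value */

/* Constructed defaults table standing in for a static const default array. */
static const uint16_t reg_defaults[MAXREG] = {
    0x0100, 0x0101, 0x0102, 0x0103, 0x0104, 0x0105, 0x0106, 0x0107,
};

struct chip  { uint16_t reg_cache[MAXREG]; };  /* owns the storage */
struct codec { void *reg_cache; };             /* only points at it */

/* Compile-time check that the cache array and the defaults match in size. */
_Static_assert(sizeof(((struct chip *)0)->reg_cache) == sizeof(reg_defaults),
               "cache and defaults differ in size");

/* Before: the length is sizeof(void *), so only 4 or 8 bytes are copied. */
static void reset_pointer_size(struct codec *c)
{
    memcpy(c->reg_cache, reg_defaults, sizeof(c->reg_cache));
}

/* After: the length is the size of the whole defaults array. */
static void reset_array_size(struct codec *c)
{
    memcpy(c->reg_cache, reg_defaults, sizeof(reg_defaults));
}

/* Dirty every cached register, run a reset, count the registers restored. */
static size_t restored_after(void (*reset)(struct codec *))
{
    struct chip chip;
    struct codec codec = { .reg_cache = &chip.reg_cache[0] };
    size_t i, n = 0;
    memset(chip.reg_cache, 0xff, sizeof(chip.reg_cache));
    reset(&codec);
    for (i = 0; i < MAXREG; i++)
        n += (chip.reg_cache[i] == reg_defaults[i]);
    return n;
}

int main(void)
{
    printf("pointer-size: %zu/%d restored, array-size: %zu/%d restored\n",
           restored_after(reset_pointer_size), MAXREG,
           restored_after(reset_array_size), MAXREG);
    return 0;
}
```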