lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Sat, 11 Feb 2017 09:29:10 +0800
From:   Cheah Kok Cheong <thrust73@...il.com>
To:     Ian Abbott <abbotti@....co.uk>
Cc:     hsweeten@...ionengravers.com, gregkh@...uxfoundation.org,
        devel@...verdev.osuosl.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Staging: comedi: drivers: comedi_test: Set max input
 value for auto config

On Thu, Feb 09, 2017 at 12:28:42PM +0000, Ian Abbott wrote:
> On 27/01/17 15:55, Cheah Kok Cheong wrote:
> >Currently user can input any value for amplitude and period.
> >This patch set a sane max value for auto-configuration mode.
> >
> >For manual configuration mode, it is assumed this is taken care of
> >by the COMEDI userspace tool since there's no limit set here from
> >day one in the staging tree. If otherwise then maybe this can be
> >looked at separately.
> >
> >Signed-off-by: Cheah Kok Cheong <thrust73@...il.com>
> 
> I don't think there is any need to limit these unless it results in
> arithmetic overflow, since they only affect the fake sample data values
> produced by the driver, not system performance.

You are right there's no real danger here. Before submitting, I have
tested with positive values larger than "int" and smaller than "uint".
Anything larger than "uint" will result in loading failure.

I was motivated by the "user experience". Extreme values will not
display properly on Xoscope therefore I "googled" for a typical
oscilloscope input range for this patch.

Most probably I'm off the target here as I have only tried one
application. Maybe other supported application will handle this
better and offer a better user experience.

Again there's no real danger here, this patch is optional.

Thks.
Brgds,
CheahKC

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ