[<prev] [next>] [day] [month] [year] [list]
Message-Id: <202003281643.02SGhKg2024958@sdf.org>
Date: Sun, 8 Mar 2020 05:04:08 -0400
From: George Spelvin <lkml@....org>
To: linux-kernel@...r.kernel.org, lkml@....org
Cc: Johan Hovold <johan@...nel.org>
Subject: [RFC PATCH v1 35/50] USB: serial: iuu_phoenix: Use pseudorandom for
xmas mode
I also fixed a couple of buffer overrun bugs in iuu_led_activity_on,
based on code not expecting the "*buf_ptr++" to have been incremented.
- In xmas mode, the final setting of the period byte to 1 was
done to buf_ptr[7], which was past the end of the buffer.
- In non-xmas mode, iuu_rgbf_fill_buffer() fills in 8 bytes starting
with the IUU_SET_LED command. The net result is duplicating the
command and writing an extra byte off the end of the buffer.
I rewrote the code to omit the ++, which is more legible.
Not tested because I don't have the hardware, but I don't think
this code has been exercised much anyway.
Signed-off-by: George Spelvin <lkml@....org>
Cc: Johan Hovold <johan@...nel.org>
---
drivers/usb/serial/iuu_phoenix.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/usb/serial/iuu_phoenix.c b/drivers/usb/serial/iuu_phoenix.c
index d5bff69b1769b..7aeea7b5ba8db 100644
--- a/drivers/usb/serial/iuu_phoenix.c
+++ b/drivers/usb/serial/iuu_phoenix.c
@@ -353,10 +353,11 @@ static void iuu_led_activity_on(struct urb *urb)
struct usb_serial_port *port = urb->context;
int result;
char *buf_ptr = port->write_urb->transfer_buffer;
- *buf_ptr++ = IUU_SET_LED;
+
if (xmas) {
- get_random_bytes(buf_ptr, 6);
- *(buf_ptr+7) = 1;
+ buf_ptr[0] = IUU_SET_LED;
+ prandom_bytes(buf_ptr+1, 6);
+ buf_ptr[7] = 1;
} else {
iuu_rgbf_fill_buffer(buf_ptr, 255, 255, 0, 0, 0, 0, 255);
}
--
2.26.0
Powered by blists - more mailing lists