Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/nick-nhusb]: src/sys/dev/usb Add port range check in xhci_rhpsc().
details: https://anonhg.NetBSD.org/src/rev/2dbfd4903e10
branches: nick-nhusb
changeset: 334233:2dbfd4903e10
user: skrll <skrll%NetBSD.org@localhost>
date: Fri Jun 26 15:43:46 2015 +0000
description:
Add port range check in xhci_rhpsc().
KASSERT xfer->ux_pipe != NULL in xhci_handle_event().
Based on a diff from t-hash
diffstat:
sys/dev/usb/xhci.c | 12 +++++++++---
1 files changed, 9 insertions(+), 3 deletions(-)
diffs (44 lines):
diff -r 664569f31ff6 -r 2dbfd4903e10 sys/dev/usb/xhci.c
--- a/sys/dev/usb/xhci.c Fri Jun 26 15:39:55 2015 +0000
+++ b/sys/dev/usb/xhci.c Fri Jun 26 15:43:46 2015 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: xhci.c,v 1.28.2.31 2015/06/26 15:39:55 skrll Exp $ */
+/* $NetBSD: xhci.c,v 1.28.2.32 2015/06/26 15:43:46 skrll Exp $ */
/*
* Copyright (c) 2013 Jonathan A. Kollasch
@@ -36,7 +36,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xhci.c,v 1.28.2.31 2015/06/26 15:39:55 skrll Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xhci.c,v 1.28.2.32 2015/06/26 15:43:46 skrll Exp $");
#include "opt_usb.h"
@@ -1684,11 +1684,15 @@
uint8_t *p;
XHCIHIST_FUNC(); XHCIHIST_CALLED();
- DPRINTFN(4, "port %u status change", port, 0, 0, 0);
+ DPRINTFN(4, "xhci%d: port %u status change", device_unit(sc->sc_dev),
+ port, 0, 0);
if (xfer == NULL)
return;
+ if (port > sc->sc_maxports)
+ return;
+
p = xfer->ux_buf;
memset(p, 0, xfer->ux_length);
p[port/NBBY] |= 1 << (port%NBBY);
@@ -1772,6 +1776,8 @@
}
DPRINTFN(14, "xfer %p", xfer, 0, 0, 0);
/* XXX I dunno why this happens */
+ KASSERT(xfer->ux_pipe != NULL);
+
if (!xfer->ux_pipe->up_repeat &&
SIMPLEQ_EMPTY(&xfer->ux_pipe->up_queue)) {
DPRINTFN(1, "xfer done: xfer not started", 0, 0, 0, 0);
Home |
Main Index |
Thread Index |
Old Index