svn commit: r213151 - user/weongyo/usb/sys/dev/usb
Weongyo Jeong
weongyo at FreeBSD.org
Sat Sep 25 01:23:27 UTC 2010
Author: weongyo
Date: Sat Sep 25 01:23:26 2010
New Revision: 213151
URL: http://svn.freebsd.org/changeset/base/213151
Log:
Adds an assertion to check the buffer boundary.
Modified:
user/weongyo/usb/sys/dev/usb/usb_busdma.c
Modified: user/weongyo/usb/sys/dev/usb/usb_busdma.c
==============================================================================
--- user/weongyo/usb/sys/dev/usb/usb_busdma.c Sat Sep 25 01:18:01 2010 (r213150)
+++ user/weongyo/usb/sys/dev/usb/usb_busdma.c Sat Sep 25 01:23:26 2010 (r213151)
@@ -126,6 +126,13 @@ usbd_copy_in(struct usb_page_cache *cach
if (buf_res.length > len) {
buf_res.length = len;
}
+
+ /* Checks the buffer boundary */
+ USB_ASSERT((char *)buf_res.buffer + buf_res.length <=
+ (char *)cache->buffer + cache->buflen,
+ ("overflow is happened (%p %d/%p %d)", buf_res.buffer,
+ buf_res.length, cache->buffer, cache->buflen));
+
bcopy(ptr, buf_res.buffer, buf_res.length);
offset += buf_res.length;
@@ -156,6 +163,13 @@ usbd_copy_in_user(struct usb_page_cache
if (buf_res.length > len) {
buf_res.length = len;
}
+
+ /* Checks the buffer boundary */
+ USB_ASSERT((char *)buf_res.buffer + buf_res.length <=
+ (char *)cache->buffer + cache->buflen,
+ ("overflow is happened (%p %d/%p %d)", buf_res.buffer,
+ buf_res.length, cache->buffer, cache->buflen));
+
error = copyin(ptr, buf_res.buffer, buf_res.length);
if (error)
return (error);
@@ -216,6 +230,13 @@ usb_uiomove(struct usb_page_cache *pc, s
if (res.length > len) {
res.length = len;
}
+
+ /* Checks the buffer boundary */
+ USB_ASSERT((char *)res.buffer + res.length <=
+ (char *)pc->buffer + pc->buflen,
+ ("overflow is happened (%p %d/%p %d)", res.buffer,
+ res.length, pc->buffer, pc->buflen));
+
/*
* "uiomove()" can sleep so one needs to make a wrapper,
* exiting the mutex and checking things
@@ -248,6 +269,13 @@ usbd_copy_out(struct usb_page_cache *cac
if (res.length > len) {
res.length = len;
}
+
+ /* Checks the buffer boundary */
+ USB_ASSERT((char *)res.buffer + res.length <=
+ (char *)cache->buffer + cache->buflen,
+ ("overflow is happened (%p %d/%p %d)", res.buffer,
+ res.length, cache->buffer, cache->buflen));
+
bcopy(res.buffer, ptr, res.length);
offset += res.length;
@@ -278,6 +306,13 @@ usbd_copy_out_user(struct usb_page_cache
if (res.length > len) {
res.length = len;
}
+
+ /* Checks the buffer boundary */
+ USB_ASSERT((char *)res.buffer + res.length <=
+ (char *)cache->buffer + cache->buflen,
+ ("overflow is happened (%p %d/%p %d)", res.buffer,
+ res.length, cache->buffer, cache->buflen));
+
error = copyout(res.buffer, ptr, res.length);
if (error)
return (error);
@@ -306,6 +341,13 @@ usbd_frame_zero(struct usb_page_cache *c
if (res.length > len) {
res.length = len;
}
+
+ /* Checks the buffer boundary */
+ USB_ASSERT((char *)res.buffer + res.length <=
+ (char *)cache->buffer + cache->buflen,
+ ("overflow is happened (%p %d/%p %d)", res.buffer,
+ res.length, cache->buffer, cache->buflen));
+
bzero(res.buffer, res.length);
offset += res.length;
More information about the svn-src-user
mailing list