- fix copy_{to,from}_user error handling (thanks to Rusty for pointing this out)
if (as->usbin.dma.mapped)
as->usbin.dma.count &= as->usbin.dma.fragsize-1;
spin_unlock_irqrestore(&as->lock, flags);
- return copy_to_user((void *)arg, &cinfo, sizeof(cinfo));
+ if (copy_to_user((void *)arg, &cinfo, sizeof(cinfo)))
+ return -EFAULT;
+ return 0;
case SNDCTL_DSP_GETOPTR:
if (!(file->f_mode & FMODE_WRITE))
if (as->usbout.dma.mapped)
as->usbout.dma.count &= as->usbout.dma.fragsize-1;
spin_unlock_irqrestore(&as->lock, flags);
- return copy_to_user((void *)arg, &cinfo, sizeof(cinfo));
+ if (copy_to_user((void *)arg, &cinfo, sizeof(cinfo)))
+ return -EFAULT;
+ return 0;
case SNDCTL_DSP_GETBLKSIZE:
if (file->f_mode & FMODE_WRITE) {
retval = -ENOMEM;
goto exit;
}
- copy_from_user (temp_buffer, buf, count);
+ if (copy_from_user (temp_buffer, buf, count)) {
+ retval = -EFAULT;
+ goto exit;
+ }
current_buffer = temp_buffer;
} else {
current_buffer = buf;
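Review bot: The new `goto exit` after the failed copy_from_user() is reached with temp_buffer presumably already allocated, since the `-ENOMEM` branch just above suggests an allocation that sits outside this hunk. The exit label is also outside the hunk, so confirm that it releases temp_buffer; if it does not, add `kfree(temp_buffer);` before the jump. A one-line comment such as `/* temp_buffer is freed at exit */` would record the ownership for the next reader.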
count = (count > acm->writesize) ? acm->writesize : count;
- if (from_user)
- copy_from_user(acm->writeurb->transfer_buffer, buf, count);
- else
+ if (from_user) {
+ if (copy_from_user(acm->writeurb->transfer_buffer, buf, count))
+ return -EFAULT;
+ } else
memcpy(acm->writeurb->transfer_buffer, buf, count);
acm->writeurb->transfer_buffer_length = count;
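Review bot: Style point on the from_user branch: the `if` arm gained braces but the `else` arm is left bare, which makes the pairing easy to misread. Kernel style braces both arms once either needs them, i.e. `} else {` / `memcpy(acm->writeurb->transfer_buffer, buf, count);` / `}`. The clamp of count to acm->writesize just above is what bounds both copies into transfer_buffer, so it deserves a short comment saying so. The function begins and ends outside this hunk.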
if (!access_ok(VERIFY_WRITE, buf, nbytes))
return -EINVAL;
- copy_to_user(buf, up->data + pos, nbytes);
+ if (copy_to_user(buf, up->data + pos, nbytes))
+ return -EFAULT;
*ppos += nbytes;
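Review bot: A bad user pointer now produces two different errors on this path: the access_ok() check returns -EINVAL, while the copy_to_user() failure two lines later returns -EFAULT. copy_to_user() performs the access check itself, so the explicit test is redundant. Either drop it or make it consistent with `return -EFAULT;`. The function body continues outside the hunk.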
dinfo.product = dev->descriptor.idProduct;
dinfo.version = dev->descriptor.bcdDevice;
dinfo.num_applications = hid->maxapplication;
- return copy_to_user((void *) arg, &dinfo, sizeof(dinfo));
+ if (copy_to_user((void *) arg, &dinfo, sizeof(dinfo)))
+ return -EFAULT;
+ return 0;
}
case HIDIOCGFLAG:
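Review bot: All `sizeof(dinfo)` bytes go to user space, including padding and any field not assigned, and the declaration of dinfo is outside this hunk, so it is not visible whether it was zeroed first. If it is a stack variable filled field by field, uninitialised kernel stack bytes would be disclosed to the caller; `memset(&dinfo, 0, sizeof(dinfo));` before the assignments closes that. The rinfo, finfo and uref copies in the following hunks deserve the same check, although they may be populated from user space first.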
rinfo.num_fields = report->maxfield;
- return copy_to_user((void *) arg, &rinfo, sizeof(rinfo));
+ if (copy_to_user((void *) arg, &rinfo, sizeof(rinfo)))
+ return -EFAULT;
+ return 0;
case HIDIOCGFIELDINFO:
{
finfo.unit_exponent = field->unit_exponent;
finfo.unit = field->unit;
- return copy_to_user((void *) arg, &finfo, sizeof(finfo));
+ if (copy_to_user((void *) arg, &finfo, sizeof(finfo)))
+ return -EFAULT;
+ return 0;
}
case HIDIOCGUCODE:
uref.usage_code = field->usage[uref.usage_index].hid;
- return copy_to_user((void *) arg, &uref, sizeof(uref));
+ if (copy_to_user((void *) arg, &uref, sizeof(uref)))
+ return -EFAULT;
+ return 0;
case HIDIOCGUSAGE:
case HIDIOCSUSAGE:
if (cmd == HIDIOCGUSAGE) {
uref.value = field->value[uref.usage_index];
- return copy_to_user((void *) arg, &uref, sizeof(uref));
+ if (copy_to_user((void *) arg, &uref, sizeof(uref)))
+ return -EFAULT;
+ return 0;
} else {
field->value[uref.usage_index] = uref.value;
}
ret=dabusb_bulk (s, pbulk);
if(ret==0)
- ret = copy_to_user ((void *) arg, pbulk, sizeof (bulk_transfer_t));
+ if (copy_to_user((void *)arg, pbulk,
+ sizeof(bulk_transfer_t)))
+ ret = -EFAULT;
kfree (pbulk);
break;
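Review bot: Style point: the new `if (copy_to_user(...))` hangs off the unbraced `if(ret==0)`, leaving two nested unbraced ifs that are easy to break when a line is added later. Folding them into one condition reads more clearly: `if (ret == 0 && copy_to_user((void *)arg, pbulk, sizeof(bulk_transfer_t)))` followed by `ret = -EFAULT;`. Assigning to ret rather than returning is the right shape here, because kfree(pbulk) on the next line must still run.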
if (u > devinfo.bsize) {
u = devinfo.bsize;
}
- ret = copy_to_user(devinfo.buf, cp->dev_desc, u);
+ ret = copy_to_user(devinfo.buf, cp->dev_desc, u) ? -EFAULT : 0;
break;
/* get the max. string descriptor length */
wake_up (&cp->bufferwait);
up (&cp->mutex);
up (&ccp->mutex);
- return -EIO;
+ return -EFAULT;
}
/* set the header byte */
}
if (from_user) {
- copy_from_user(pkt->data, buf, count);
+ if (copy_from_user(pkt->data, buf, count))
+ return -EFAULT;
} else {
memcpy(pkt->data, buf, count);
}
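Review bot: The added `return -EFAULT;` leaves the function in place, and how pkt was obtained is outside this hunk. If pkt was allocated or taken from a pool earlier in the function, or a lock is held at this point, this path skips the release. In that case route the failure through the function's existing cleanup instead of returning directly. The following hunk (`copy_from_user (data, buf, count)`) has the same shape and needs the same check for data.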
memset (data, '0', packet_length);
if (from_user) {
- copy_from_user (data, buf, count);
+ if (copy_from_user (data, buf, count))
+ return -EFAULT;
} else {
memcpy (data, buf, count);
}