Mailinglist Archive: opensuse-bugs (13459 mails)
[Bug 335676] kernel OOPS when starting nut UPS daemon
- From: bugzilla_noreply@xxxxxxxxxx
- Date: Mon, 22 Oct 2007 13:13:46 -0600 (MDT)
- Message-id: <20071022191346.D5A29245269@xxxxxxxxxxxxxxxxxxxxxx>
https://bugzilla.novell.com/show_bug.cgi?id=335676#c4
Arjen de Korte <suse+build@xxxxxxxxxxxx> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |suse+build@xxxxxxxxxxxx
--- Comment #4 from Arjen de Korte <suse+build@xxxxxxxxxxxx> 2007-10-22 13:13:46 MST ---
I don't know if this is the cause, but there is a bug in
'drivers/hidparser.c' up to (and including) nut-2.2.0:

    620 /* make a list of reports and their lengths */
    621 memset(pDesc->replen, 0, 256);

If reports 64..255 are used by the UPS (and the subdriver), the above would
lead to the use of uninitialized data. I have seen the driver segfaulting
because of that.
Since we're trying to clear an array of 256 ints, line 621 should really read:

    621 memset(pDesc->replen, 0, 256 * sizeof(int));

Note that in nut-2.2.1 and higher this has been solved upstream, as there have
been massive changes to the usbhid-ups driver. It now allocates memory through
calloc() instead of malloc() if the memory needs to be cleared anyway.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
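
The effect described in the comment above, as an added example that is not part of the original message or of the NUT source: an array of 256 ints is cleared once with an element count and once with a byte count, and the slots left stale are counted. The `struct desc` layout, the `POISON` fill and the `stale_after_clear()` helper are assumptions made for illustration; only the `replen` name and its size come from the comment.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NREPORTS 256   /* one length slot per HID report ID 0..255 */
#define POISON   0x5A  /* constructed stand-in for stale heap contents */

/* Hypothetical stand-in for the parser's descriptor; only the replen
 * name and its size of 256 ints come from the comment above. */
struct desc {
    int replen[NREPORTS];
};

/* Allocate a descriptor with non-zero contents (as malloc() may return),
 * clear replen with the given byte count, and report how many slots are
 * still stale. *first_stale gets the lowest stale report ID, or -1. */
int stale_after_clear(size_t nbytes, int *first_stale)
{
    struct desc *d = malloc(sizeof *d);
    int stale = 0;

    *first_stale = -1;
    if (d == NULL)
        return -1;
    memset(d, POISON, sizeof *d);      /* simulate reused heap memory */
    memset(d->replen, 0, nbytes);      /* the clear under test */

    for (int i = 0; i < NREPORTS; i++) {
        if (d->replen[i] != 0) {
            if (*first_stale < 0)
                *first_stale = i;
            stale++;
        }
    }
    free(d);
    return stale;
}

int main(void)
{
    int first;
    /* Before: 256 is an element count, but memset() takes bytes. */
    int n = stale_after_clear(256, &first);
    printf("memset(.., 256): %d stale slots, first is report %d\n", n, first);
    /* After: sizeof on the array itself cannot drift from its type. */
    n = stale_after_clear(sizeof(((struct desc *)0)->replen), &first);
    printf("memset(.., sizeof replen): %d stale slots\n", n);
    return 0;
}
```

With a 4-byte int the first call leaves report IDs 64..255 untouched, which matches the range named in the comment.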