[1889] in linux-scsi channel archive
is this a bug ?
daemon@ATHENA.MIT.EDU (Michel LESPINASSE)
Sat May 17 12:27:00 1997
Date: Sat, 17 May 1997 18:24:34 +0200 (CEST)
From: Michel LESPINASSE <walken@via.ecp.fr>
To: linux-scsi@vger.rutgers.edu
I dont know a lot about the linux scsi drivers code, and I was trying to
get some idea about the workings of the generic scsi code in my 2.0.30
kernel. I saw something strange in drivers/scsi/scsi_ioctl.c, around line
200, and I think it is a bug, but then, I may be wrong, too :)
result = verify_area(VERIFY_READ, cmd_in,
cmdlen + inlen > MAX_BUF ? MAX_BUF : inlen);
if (result) return result;
memcpy_fromfs ((void *) cmd, cmd_in, cmdlen);
memcpy_fromfs ((void *) buf,
(void *) (cmd_in + cmdlen),
inlen);
I think the verify_area line should read :
result = verify_area(VERIFY_READ, cmd_in,
cmdlen+inlen > MAX_BUF ? MAX_BUF : cmdlen+inlen);
^^^^^^^
Michel "Walken" LESPINASSE - Student at Ecole Centrale Paris (France)
www Email : walken@via.ecp.fr
(o o) VideoLan project : http://videolan.via.ecp.fr/
------oOO--(_)--OOo-------------------------------------------------------
Any sufficiently advanced bug is indistinguishable from a feature.
