diff options
| author |  David Moore
| 2008-12-20 19:28:01 -0800 |
|---|---|---|
| committer |  Dan Dennedy
| 2008-12-29 11:12:32 -0800 |
| commit | cb8b7bf86af003ac6eeb167305c70192c4959c7b (patch) | |
| tree | 32b9472cb6a1d7af1443d17032c239ca5ccddb7b /src/fw.h | |
| parent | Fix iso_shutdown with juju firewire stack (diff) | |
Fix stack corruption during juju lock transactions
When performing a lock transaction (such as with fw_lock) under Juju, 4
bytes of the stack gets corrupted. This is because the lock transaction
has 8 bytes of data sent and 4 bytes received. Since the transaction
"length" is specified as 8, handle_device_event() copies 8 bytes into
the destination variable instead of the desired 4, and overflows into
the stack by 4 bytes.
This patch fixes the corruption by adding an extra "out_length" argument
to the send_request() function so that both in_length and out_length can
be specified separately.
Signed-off-by: Dan Dennedy <dan@dennedy.org>
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions