| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When performing a lock transaction (such as with fw_lock) under Juju, 4
bytes of the stack gets corrupted. This is because the lock transaction
has 8 bytes of data sent and 4 bytes received. Since the transaction
"length" is specified as 8, handle_device_event() copies 8 bytes into
the destination variable instead of the desired 4, and overflows into
the stack by 4 bytes.
This patch fixes the corruption by adding an extra "out_length" argument
to the send_request() function so that both in_length and out_length can
be specified separately.
Signed-off-by: Dan Dennedy <dan@dennedy.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
because they do the same.
We only may want a separate fw_bandwidth_modify() in the future when
firewire-core gains a special ioctl() for that.
(Not runtime-tested, but it looks good to me.)
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Dan Dennedy <dan@dennedy.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(juju)
Reported by Adrian Knoth: fw_channel_modify() was unable to allocate
some channels which were actually free.
http://marc.info/?l=linux1394-devel&t=122818128900002
This can be easily fixed by replacing fw_channel_modify() by
ieee1394_channel_modify() because this is highlevel enough to work with
Juju as well. We only may want a separate fw_channel_modify() in the
future when firewire-core gains a special ioctl() for that.
Also fix a documentation typo: raw1394_channel_modify() did not show up
in extracted API documentation due to a cut'n'paste typo in raw1394.h.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Dan Dennedy <dan@dennedy.org>
|
| |
|
|
|
|
|
| |
The buffer pointers were uninitialized, leading to segfault in memcpy.
Bug report and initial version of the fix by Adrian Knoth.
Signed-off-by: Dan Dennedy <dan@dennedy.org>
|
| |
|
|
|
|
|
|
|
| |
When using strncpy with the exact size of the destination string the
string may end up lacking null termination because the source string is
bigger then the destination.
Signed-off-by: Erik Hovland <erik@hovland.org>
Signed-off-by: Dan Dennedy <dan@dennedy.org>
|
| |
|
|
|
|
|
|
| |
When an unsigned type is assigned a signed value, the
negatived value is never seen.
Signed-off-by: Erik Hovland <erik@hovland.org>
Signed-off-by: Dan Dennedy <dan@dennedy.org>
|
| |
|
|
|
|
|
| |
Unsigned values do not return signed values when subtracted
and the right operand is larger then the left operand.
Signed-off-by: Dan Dennedy <dan@dennedy.org>
|
| |
|
|
|
| |
Signed-off-by: Erik Hovland <erik@hovland.org>
Signed-off-by: Dan Dennedy <dan@dennedy.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
While trying to track down some crashes in kino, I found the following problems
with libraw1394:
* There is a DIR* leak in raw1394_set_port().
* Lots of data structures are not fully initialized when calling IEEE1394
ioctl()s. These cause valgrind errors (benign, as valgrind does not know
how to interpret all ioctls. However these also cause kino to crash in
libraw1394. I've added a bunch of memset()s to prevent this problem from
happening.
Forward-ported to libraw1394 git tree by Jarod Wilson.
|
|
|
give them 'fw' names instead of 'juju.'
|
David Moore
Stefan Richter
Erik Hovland
Philippe Troin
Dan Dennedy
