Re: [PATCH 6/15] hypervisor console driver for Celleb
From: Linas Vepstas <hidden>
Date: 2006-12-12 19:41:11
On Tue, Dec 12, 2006 at 12:31:29PM +0900, Ishizaki Kou wrote:
+
+static int hvc_beat_get_chars(uint32_t vtermno, char *buf, int cnt)
+{
+ unsigned long kb[2];
+ unsigned long got;
+
+ if (beat_get_term_char(vtermno, &got, &kb[0], &kb[1]) == 0) {
+ memcpy(buf, kb, got);
+ return got;

This seems to completely ignore "cnt". Thus, I presume that beat_get_term_char might return more chars than there is room for in buf, thus corrupting something, somewhere.
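Review bot: the memcpy(buf, kb, got) in hvc_beat_get_chars copies got bytes into buf without ever comparing got against cnt, so any return from beat_get_term_char larger than cnt overruns the caller's buffer. kb holds only sizeof(kb) bytes, so got should be bounded by both limits before the copy, e.g. `if (got > sizeof(kb)) return -EIO;` followed by `if (got > cnt) got = cnt;`, and the mismatch between the int return type and the unsigned long got should be made consistent as well.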
+static int hvc_beat_put_chars(uint32_t vtermno, const char *buf, int cnt)
+{
+ unsigned long kb[2];
+
+ memcpy(kb, buf, sizeof(kb));
+ beat_put_term_char(vtermno, cnt, kb[0], kb[1]);
+ return cnt;
+}

I can't imagine how this can possibly work. What if "cnt" is greater than 8?

--linas
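Review bot: memcpy(kb, buf, sizeof(kb)) in hvc_beat_put_chars reads sizeof(kb) bytes from buf no matter what cnt is, an over-read of the caller's buffer whenever cnt is smaller, and beat_put_term_char is then told cnt bytes even though at most sizeof(kb) bytes were placed in kb[0] and kb[1]. Clamp before copying, e.g. `if (cnt > sizeof(kb)) cnt = sizeof(kb); memset(kb, 0, sizeof(kb)); memcpy(kb, buf, cnt);`, and return the clamped count rather than the original cnt so the caller is never told that bytes were written which were never passed down.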