This is the mail archive of the ecos-devel@sources.redhat.com mailing list for the eCos project.
Re: possible bug in compactflash device
- From: Savin Zlobec <savin at elatec dot si>
- To: Daniel dot Schmidt3 at gmx dot de
- Cc: ecos-devel at sources dot redhat dot com
- Date: Wed, 19 May 2004 10:59:22 +0200
- Subject: Re: possible bug in compactflash device
> hello all,
> possible stack-overwrite in:
> /devs/disk/v85x/edb_v850/current/source/v85x_edb_v850_disk.c
> read_data:
> always reads 512 bytes = 0x200 bytes into buf
> cf_disk_init:
> calls read_data with len=sizeof(cf_ata_identify_data_t)=0x8C bytes
> on a buffer with only 0x8c bytes
> so the stack will be destroyed
> but I think the problem is in cf_ata.h
> the last line of cf_ata_identify_data_t should not be a comment
> bye daniel
You are right. There is some bitrot in this driver, the driver interfaces
were changed when the code was committed to CVS and nobody thoroughly
tested this driver - I'm probably the only one using it in its
original state and I still use the pre CVS version.
I've attached the original driver source - as you can see there were more
parameters to read_data and write_data and the len parameter was
used when reading/writing.
I think that the length test in read_data loop should solve the above
problem:
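    /* Always drain the full 512-byte sector from the data register */
    for (i = 0; i < 512; i += 2)
    {
        cyg_uint16 data;
        HAL_READ_UINT16(base + 4, data);
        /* store only the first len bytes in the caller's buffer */
        if (i < len)
            *bufp++ = data;
    }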
I'll try to find some time and make a test drive :-)
savin
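
The length test proposed in the reply above, as a stand-alone added example (not code from the eCos driver or from either poster). The register stub `read_data_reg`, the function names and the guard-byte layout are assumptions made for the demonstration; it also covers an odd `len`, which the thread does not discuss.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SECTOR_SIZE 512u

/* Constructed stand-in for the 16-bit ATA data register (hypothetical):
 * each read hands back the next word of a fake sector. */
static uint16_t fake_sector[SECTOR_SIZE / 2];
static size_t fake_pos;

static uint16_t read_data_reg(void) { return fake_sector[fake_pos++]; }

/* Drain one whole sector from the device but store at most len bytes.
 * Returns the number of bytes written to buf. */
static size_t read_data_bounded(void *buf, size_t len)
{
    uint8_t *out = buf;
    size_t stored = 0;
    for (size_t i = 0; i < SECTOR_SIZE; i += 2) {
        uint16_t data = read_data_reg();      /* always consume the word */
        size_t room = (len > i) ? len - i : 0;
        if (room > 2) room = 2;
        if (room > 0)                         /* room == 1 covers odd len */
            memcpy(out + stored, &data, room);
        stored += room;
    }
    return stored;
}

/* Read into a 0x8C-byte buffer followed by guard bytes, as a stand-in for
 * the stack next to the identify buffer. Returns 1 when exactly len bytes
 * were stored, the full sector was drained and the guard is untouched. */
static int guard_intact_after_read(size_t len)
{
    struct { uint8_t ident[0x8C]; uint8_t guard[16]; } frame;
    memset(&frame, 0xA5, sizeof frame);
    for (size_t i = 0; i < SECTOR_SIZE / 2; i++)
        fake_sector[i] = (uint16_t)(0x1000 + i);   /* constructed data */
    fake_pos = 0;
    size_t n = read_data_bounded(frame.ident, len);
    for (size_t i = 0; i < sizeof frame.guard; i++)
        if (frame.guard[i] != 0xA5)
            return 0;
    return n == len && fake_pos == SECTOR_SIZE / 2;
}

int main(void) { return guard_intact_after_read(0x8C) ? 0 : 1; }
```

Draining the remaining words even after the buffer is full keeps the device's sector transfer complete, so the next command starts from a clean state.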