git.monstr.eu Git - linux-2.6-microblaze.git/commit

author	Lars-Peter Clausen <lars@metafoo.de>
	Thu, 8 Dec 2011 17:35:51 +0000 (18:35 +0100)
committer	Greg Kroah-Hartman <gregkh@suse.de>
	Thu, 8 Dec 2011 20:16:34 +0000 (12:16 -0800)
commit	a1e44d6ac5577b78ec85833b22d58345b2758ebb
tree	f88ca5aa6d5dbfcb10eee3c3f5aa9f3bc037bfc8	tree \| snapshot
parent	c6795ad4c7934a1db196697308ea0c3ac8b15f52	commit \| diff

staging:iio: Fix sw_ring memory corruption

The sw_ring does not properly handle the case where the write pointer already
has wrapped around, the read pointer has not and the remaining buffer space at
the end is enough to fill the read buffer:

  +-----------------------------------+
  |     |              |##data##|     |
  +-----------------------------------+
     write_p        read_p

In this case the current code will copy all available data to the buffer and
as a result will write beyond the bounds of the buffer and cause a memory
corruption.

To address this issue this patch adds code to calculate the available buffer
space and makes sure that the number of bytes to copy does not exceed this
number. This allows the code which copies the data around to be simplified as
it only has to consider two cases: Read wraps around and read does not wrap
around.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Acked-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>