diff options
| author | Dan Carpenter <error27@gmail.com> | 2010-11-17 02:20:15 -0300 |
|---|---|---|
| committer | Mauro Carvalho Chehab <mchehab@redhat.com> | 2010-12-20 14:11:15 -0200 |
| commit | 250f7a5f62a08985af5cf7728ae7ba9edbfdc0a9 (patch) | |
| tree | 0aa3cbc24524efbb1fc9f29608a44e20b68c1d06 /drivers/media/IR/mceusb.c | |
| parent | 5c769a68beaee924e1dc90bf06e1b087b1d46237 (diff) | |
| download | lwn-250f7a5f62a08985af5cf7728ae7ba9edbfdc0a9.tar.gz lwn-250f7a5f62a08985af5cf7728ae7ba9edbfdc0a9.zip | |
[media] lirc_dev: fixes in lirc_dev_fop_read()
This makes several changes but they're in one function and sort of
related:
"buf" was leaked on error. The leak if we try to read an invalid
length is the main concern because it could be triggered over and
over.
If the copy_to_user() failed, then the original code returned the
number of bytes remaining. read() is supposed to be the opposite way,
where we return the number of bytes copied. I changed it to just return
-EFAULT on errors.
Also I changed the debug output from "-EFAULT" to just "<fail>" because
it isn't -EFAULT necessarily. And since we go though that path if the
length is invalid now, there was another debug print that I removed.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Reviewed-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Jarod Wilson <jarod@redhat.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Diffstat (limited to 'drivers/media/IR/mceusb.c')
0 files changed, 0 insertions, 0 deletions