Commit 3f82d388 authored by Jeffrey Lee's avatar Jeffrey Lee

Fix null pointer access

Detail:
  c/glue - Not all operations make use of device->current_pipe, but glue_DoCommand was accessing the pipe pointer regardless of whether the maxpacket value was needed or not. This causes the code to fail if zero page is relocated.
Admin:
  Tested on rev C2 BB.


Version 0.14. Tagged as 'SCSISoftUSB-0_14'
parent 0842fca8
/* (0.13)
/* (0.14)
*
* This file is automatically maintained by srccommit, do not edit manually.
* Last processed by srccommit version: 1.1.
*
*/
#define Module_MajorVersion_CMHG 0.13
#define Module_MajorVersion_CMHG 0.14
#define Module_MinorVersion_CMHG
#define Module_Date_CMHG 23 Nov 2010
#define Module_Date_CMHG 24 Jul 2011
#define Module_MajorVersion "0.13"
#define Module_Version 13
#define Module_MajorVersion "0.14"
#define Module_Version 14
#define Module_MinorVersion ""
#define Module_Date "23 Nov 2010"
#define Module_Date "24 Jul 2011"
#define Module_ApplicationDate "23-Nov-10"
#define Module_ApplicationDate "24-Jul-11"
#define Module_ComponentName "SCSISoftUSB"
#define Module_ComponentPath "mixed/RiscOS/Sources/HWSupport/SCSI/SCSISoftUSB"
#define Module_FullVersion "0.13"
#define Module_HelpVersion "0.13 (23 Nov 2010)"
#define Module_LibraryVersionInfo "0:13"
#define Module_FullVersion "0.14"
#define Module_HelpVersion "0.14 (24 Jul 2011)"
#define Module_LibraryVersionInfo "0:14"
......@@ -357,7 +357,6 @@ _kernel_oserror *glue_DoCommand(my_usb_device_t *device, uint32_t lun, uint32_t
if (data_direction != DIR_NONE << 24)
{
uint32_t maxpacket = device->current_pipe->maxpacket;
/* check whether command is block oriented */
/* and thus whether block complete is needed */
switch(control_block[0])
......@@ -368,6 +367,8 @@ _kernel_oserror *glue_DoCommand(my_usb_device_t *device, uint32_t lun, uint32_t
case 0x2a: /* write command */
case 0x0f:
case 0x2f: /* verify command */
{
uint32_t maxpacket = device->current_pipe->maxpacket;
DEBUGf(" Need part packet correction check left:%x mp:%x\n",transfer_length & (maxpacket-1),maxpacket);
if((transfer_length & (maxpacket-1)) > 0)
{
......@@ -375,6 +376,7 @@ _kernel_oserror *glue_DoCommand(my_usb_device_t *device, uint32_t lun, uint32_t
transfer_length=(transfer_length&~(maxpacket-1)) + maxpacket;
}
break;
}
default:
break;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment