[xiph-commits] r15192 - trunk/cdparanoia/interface

xiphmont at svn.xiph.org xiphmont at svn.xiph.org
Tue Aug 19 15:44:15 PDT 2008


Author: xiphmont
Date: 2008-08-19 15:44:14 -0700 (Tue, 19 Aug 2008)
New Revision: 15192

Modified:
   trunk/cdparanoia/interface/scsi_interface.c
Log:
The SG_SET_RESERVED_SIZE loop could overflow in tweak_SG_buffer, and
2.4 kernels don't guard against the overflow-- check for the overflow
ourselves or risk bricking machines still running 2.4



Modified: trunk/cdparanoia/interface/scsi_interface.c
===================================================================
--- trunk/cdparanoia/interface/scsi_interface.c	2008-08-19 14:18:23 UTC (rev 15191)
+++ trunk/cdparanoia/interface/scsi_interface.c	2008-08-19 22:44:14 UTC (rev 15192)
@@ -33,7 +33,7 @@
   do {
     cur <<= 1; reserved = cur * (1<<9);
     err = ioctl(d->cdda_fd, SG_SET_RESERVED_SIZE, &reserved);
-  } while(err >= 0);
+  } while(err >= 0 && (cur*(1<<9) < 0x40000000));
   ioctl(d->cdda_fd, SG_GET_RESERVED_SIZE, &reserved);
 
   /* this doesn't currently ever work, but someday somebody might
@@ -42,9 +42,9 @@
     table=1;
 
   sprintf(buffer,"\tDMA scatter/gather table entries: %d\n\t"
-      "table entry size: %d bytes\n\t"
-      "maximum theoretical transfer: %d sectors\n",
-      table, reserved, table*reserved/CD_FRAMESIZE_RAW);
+	  "table entry size: %d bytes\n\t"
+	  "maximum theoretical transfer: %d sectors\n",
+	  table, reserved, table*(reserved/CD_FRAMESIZE_RAW));
   cdmessage(d,buffer);
 
   cur=reserved; /* only use one entry for now */
@@ -1655,6 +1655,7 @@
 
 int scsi_preinit_drive(cdrom_drive *d){
   d->set_speed = scsi_set_speed;
+  return 0;
 }
 
 int scsi_init_drive(cdrom_drive *d){



More information about the commits mailing list