Date: Tue, 08 Mar 2016 02:35:43 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 207786] gpioiic_callback() dereferences IIC "how" argument incorrectly Message-ID: <bug-207786-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207786 Bug ID: 207786 Summary: gpioiic_callback() dereferences IIC "how" argument incorrectly Product: Base System Version: 11.0-CURRENT Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: chadf@triularity.org Created attachment 167825 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=167825&action=edit Patch file for sys/dev/gpio/gpioiic.c Instead of casting the "data" parameter to an int pointer and dereferencing, it dereferences the caddr_t (a char *) and then casts that value to an int. Currently, on little-endian systems it happens to work as expected, but is broken for other hardware. gpioiic_callback(device_t dev, int index, caddr_t data) { struct gpioiic_softc *sc = device_get_softc(dev); int error, how; how = GPIOBUS_DONTWAIT; if (data != NULL && (int)*data == IIC_WAIT) how = GPIOBUS_WAIT; error = 0; switch (index) { case IIC_REQUEST_BUS: error = GPIOBUS_ACQUIRE_BUS(sc->sc_busdev, sc->sc_dev, how); break; Patch file included. Side note: To increase efficiency, it could be changed to an if/else setting of "how" and moved into the IIC_REQUEST_BUS switch entry, as only that code uses it. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-207786-8>