From owner-freebsd-bugs Tue Apr 17 8: 0:22 2001 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id E957F37B620 for ; Tue, 17 Apr 2001 08:00:12 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f3HF0CW68702; Tue, 17 Apr 2001 08:00:12 -0700 (PDT) (envelope-from gnats) Received: from mailgate.rz.uni-karlsruhe.de (mailgate.rz.uni-karlsruhe.de [129.13.64.97]) by hub.freebsd.org (Postfix) with ESMTP id 88E9737B423 for ; Tue, 17 Apr 2001 07:50:49 -0700 (PDT) (envelope-from p@i609.hadiko.de) Received: from nce2.hadiko.de (hadince2.hadiko.uni-karlsruhe.de [172.20.32.2]) by mailgate.rz.uni-karlsruhe.de with esmtp (Exim 3.16 #1) id 14pWoa-0004Ym-00; Tue, 17 Apr 2001 16:50:48 +0200 Received: from i609.hadiko.de (hadii609.hadiko.uni-karlsruhe.de [172.20.44.159]) by nce2.hadiko.de (8.9.3/8.9.3) with ESMTP id QAA15678 for ; Tue, 17 Apr 2001 16:50:47 +0200 (MET DST) Received: (from p@localhost) by i609.hadiko.de (8.11.3/8.11.3) id f3HEokp00881; Tue, 17 Apr 2001 16:50:46 +0200 (CEST) (envelope-from p) Message-Id: <200104171450.f3HEokp00881@i609.hadiko.de> Date: Tue, 17 Apr 2001 16:50:46 +0200 (CEST) From: un1i@rz.uni-karlsruhe.de Reply-To: un1i@rz.uni-karlsruhe.de To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.113 Subject: kern/26647: [PATCH] ATA/ATAPI driver should check for too high track numbers for CDIOCPLAYTRACKS Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 26647 >Category: kern >Synopsis: [PATCH] ATA/ATAPI driver should check for too high track numbers for CDIOCPLAYTRACKS >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Apr 17 08:00:12 PDT 2001 >Closed-Date: >Last-Modified: >Originator: Philipp Mergenthaler >Release: FreeBSD 5.0-CURRENT i386 >Organization: University of Karlsruhe >Environment: System: FreeBSD i609.hadiko.de 5.0-CURRENT FreeBSD 5.0-CURRENT #372: Tue Apr 17 16:15:35 CEST 2001 p@i609.hadiko.de:/usr/obj/usr/src/sys/I609 i386 >Description: Cosmetic - acdioctl() doesn't check whether the starting track for CDIOCPLAYTRACKS is too high. This can result in a console message with the drive's error message. >How-To-Repeat: (for an audio cd with 20 tracks:) ~%cdcontrol play 21 acd0: PLAY_MSF - ILLEGAL REQUEST asc=0x21 ascq=0x00 error=0x00 >Fix: Index: atapi-cd.c =================================================================== RCS file: /ncvs/src/sys/dev/ata/atapi-cd.c,v retrieving revision 1.88 diff -u -r1.88 atapi-cd.c --- atapi-cd.c 2001/04/05 11:17:33 1.88 +++ atapi-cd.c 2001/04/17 14:00:05 @@ -801,7 +801,8 @@ args->end_track = cdp->toc.hdr.ending_track + 1; t1 = args->start_track - cdp->toc.hdr.starting_track; t2 = args->end_track - cdp->toc.hdr.starting_track; - if (t1 < 0 || t2 < 0) { + if (t1 < 0 || t2 < 0 || t1 > (cdp->toc.hdr.ending_track - + cdp->toc.hdr.starting_track)) { error = EINVAL; break; } >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message