From owner-freebsd-bugs Thu Mar 30 5:20:16 2000 Delivered-To: freebsd-bugs@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 49D7F37BB83 for ; Thu, 30 Mar 2000 05:20:07 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id FAA25376; Thu, 30 Mar 2000 05:20:07 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id A0E3C37B739 for ; Thu, 30 Mar 2000 05:12:14 -0800 (PST) (envelope-from nobody@FreeBSD.org) Received: (from nobody@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id FAA23194; Thu, 30 Mar 2000 05:12:14 -0800 (PST) (envelope-from nobody@FreeBSD.org) Message-Id: <200003301312.FAA23194@freefall.freebsd.org> Date: Thu, 30 Mar 2000 05:12:14 -0800 (PST) From: stake@po.shiojiri.ne.jp To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-1.0 Subject: kern/17688: es_callback() in /sys/pci/es1370.c does not check play_speed Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 17688 >Category: kern >Synopsis: es_callback() in /sys/pci/es1370.c does not check play_speed >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Mar 30 05:20:01 PST 2000 >Closed-Date: >Last-Modified: >Originator: Takefumi SAYO >Release: FreeBSD 3.4-RELEASE >Organization: personal >Environment: FreeBSD vipal5.my.domain 3.4-RELEASE FreeBSD 3.4-RELEASE #8: Thu Mar 30 20:52:00 JST 2000 alan@vipal5.my.domain:/usr/src/sys/compile/VIPAL5 i386 >Description: es_callback() in /sys/pci/es1370.c does not check play_speed, so an invalid ioctl() causes integer divide fault in kernel mode. >How-To-Repeat: set 0 as SNDCTL_DSP_SPEED speed = 0; ioctl(fd, SNDCTL_DSP_SPEED, &speed); >Fix: Here is a temporary patch to avoid this problem. *** /sys/pci/es1370.c.orig Wed Nov 17 04:17:50 1999 --- /sys/pci/es1370.c Thu Mar 30 20:51:42 2000 *************** *** 753,759 **** es1371_dac1_rate(d,d->play_speed,1); /* codec FM DAC */ /* NOT used */ es1371_adc_rate(d, d->rec_speed, 1); /* record */ } else /* 1370 */ { ! es->ctrl = (es->ctrl & ~CTRL_PCLKDIV) | (DAC2_SRTODIV(d->play_speed) << CTRL_SH_PCLKDIV); } snd_set_blocksize(d); --- 753,767 ---- es1371_dac1_rate(d,d->play_speed,1); /* codec FM DAC */ /* NOT used */ es1371_adc_rate(d, d->rec_speed, 1); /* record */ } else /* 1370 */ { ! int play_speed; ! ! play_speed = d->play_speed; ! RANGE(play_speed, 4000, 48000); ! if ((es_debug > 0) && (play_speed != d->play_speed)) ! printf("es_callback play_speed modified %d -> %d\n", ! d->play_speed, play_speed); ! d->play_speed = play_speed; ! es->ctrl = (es->ctrl & ~CTRL_PCLKDIV) | (DAC2_SRTODIV(d->play_speed) << CTRL_SH_PCLKDIV); } snd_set_blocksize(d); >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message