Changeset 738

Show
Ignore:
Timestamp:
11/28/07 07:21:28 (16 years ago)
Author:
ppalmers
Message:

fix bogus use of pointer in descriptor reading

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved
  • trunk/libffado/src/libavc/descriptors/avc_descriptor.cpp

    r734 r738  
    495495    result &= AVCInfoBlock::deserialize(de); 
    496496 
     497    // note that the pointer returned by de.read is not valid outside this function 
     498    // but since we add it to m_text it's not a problem 
    497499    char *txt; 
    498500    result &= de.read(&txt,m_compound_length-4); 
     
    557559    result &= de.read(&text_length); 
    558560 
     561    // note that the pointer returned by de.read is not valid outside this function 
     562    // but since we add it to m_text it's not a problem 
    559563    char *txt; 
    560564    result &= de.read(&txt,text_length); 
  • trunk/libffado/src/libavc/descriptors/avc_descriptor_cmd.cpp

    r734 r738  
    142142ReadDescriptorCmd::~ReadDescriptorCmd() 
    143143{ 
    144  
     144    delete[] m_data; 
    145145} 
    146146 
     
    152152    m_data_length = 0x0000; 
    153153    m_address = 0x0000; 
     154    delete[] m_data; 
     155    m_data = NULL; 
    154156    return true; 
    155157} 
     
    186188{ 
    187189    AVCCommand::deserialize( de ); 
    188      
    189     if(m_specifier==NULL) { 
    190         debugError("m_specifier==NULL"); 
    191         return false; 
    192     } 
    193      
     190 
     191    if(m_specifier==NULL) { 
     192        debugError("m_specifier==NULL"); 
     193        return false; 
     194    } 
     195 
    194196    m_specifier->deserialize( de ); 
    195      
     197 
    196198    switch (getCommandType()) { 
    197199    case eCT_Control: 
     
    200202        de.read( (uint16_t *)&m_data_length ); 
    201203        de.read( (uint16_t *)&m_address ); 
    202          
     204 
    203205        if (getResponse()==eR_Accepted) { 
    204206            if (m_data_length>0) { 
    205                 if (!de.read( (char **)&m_data, m_data_length )) { 
    206                     m_data=NULL; 
     207                // the pointer returned by de.read is not valid outside this function 
     208                // hence we copy the data to an internal buffer 
     209                m_data = new byte_t[m_data_length]; 
     210                if(m_data == NULL) { 
     211                    debugError("Could not allocate memory for payload data"); 
     212                    return false; 
     213                } 
     214                char * cmd_data = NULL; 
     215                if (!de.read( (char **)&cmd_data, m_data_length )) { 
     216                    delete[] m_data; 
     217                    m_data = NULL; 
    207218                    debugError("Could not read payload data"); 
    208219                    return false; 
    209220                } 
    210                  
     221                memcpy(m_data, cmd_data, m_data_length); 
     222 
    211223            } else { 
    212224                debugWarning("Read descriptor command accepted but no payload data returned.\n"); 
  • trunk/libffado/src/libavc/general/avc_extended_plug_info.cpp

    r618 r738  
    119119    m_name.clear(); 
    120120    char* name; 
     121    // note that the pointer returned by de.read is not valid outside this function 
     122    // but since we assign it to m_name it's not a problem since the contents are copied 
    121123    de.read( &name, length ); 
    122124    m_name = name; 
  • trunk/libffado/src/libutil/cmd_serialize.h

    r618 r738  
    5353    virtual bool read( uint16_t* value ) = 0; 
    5454    virtual bool read( quadlet_t* value ) = 0; 
     55    // note that the value pointer is not valid outside deserialize() 
    5556    virtual bool read( char** value, size_t length ) = 0; 
    5657    virtual bool peek( byte_t* value ) = 0; 
     
    142143    virtual bool read( uint16_t* value ); 
    143144    virtual bool read( quadlet_t* value ); 
     145    // note that the value pointer is not valid outside deserialize() 
    144146    virtual bool read( char** value, size_t length ); 
    145147    virtual bool peek( byte_t* value );