[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-commits
Subject: =?utf-8?q?=5Bk3b=5D_/=3A_Fixed_crash_on_detecting_writing_speeds?=
From: Michal Malek <michalm () jabster ! pl>
Date: 2011-07-09 22:37:50
Message-ID: 20110709223750.CE3EEA60AE () git ! kde ! org
[Download RAW message or body]
Git commit 1ea92f39d2e4de81e38c3bed511350b07e9b7840 by Michal Malek.
Committed on 10/07/2011 at 00:03.
Pushed by mmalek into branch 'master'.
Fixed crash on detecting writing speeds
In method K3b::Device::Device::modeSense() page data is initially
resized to 0xFFFF, the page date is being read and then the actual
size of the page is obtained from the data itself. The problem was,
after reading the actual size, data was not resized back to it.
Additionally, Device::Device::determineSupportedWriteSpeeds() method
lacked checking if data array is of enough size before accessing it.
BUG: 272427
FIXED-IN: 2.0.3
M +1 -0 ChangeLog
M +2 -2 libk3bdevice/k3bdevice.cpp
M +6 -12 libk3bdevice/k3bdevice.h
M +3 -3 libk3bdevice/k3bdevice_mmc.cpp
M +2 -2 libk3bdevice/k3bdeviceglobals.cpp
M +2 -2 libk3bdevice/k3bdeviceglobals.h
http://commits.kde.org/k3b/1ea92f39d2e4de81e38c3bed511350b07e9b7840
diff --git a/ChangeLog b/ChangeLog
index ba661d1..8548196 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,7 @@ Bugfixes:
* Missing "Extract Digital Audio with K3b" in device notifier for Audio CD medium (265819)
* Clearing up track info in audio project when CDDB query failed
* Improper track number in CDDB track edit window title (276681)
+ * Crash on detecting writing speeds (272427)
2.0.2
=====
diff --git a/libk3bdevice/k3bdevice.cpp b/libk3bdevice/k3bdevice.cpp
index 1ce381b..3c74b57 100644
--- a/libk3bdevice/k3bdevice.cpp
+++ b/libk3bdevice/k3bdevice.cpp
@@ -3179,8 +3179,8 @@ QList<int> K3b::Device::Device::determineSupportedWriteSpeeds() const
// cdrecord also uses it as the max writing speed.
int max = 0;
UByteArray data;
- if( modeSense( data, 0x2A ) ) {
- mm_cap_page_2A* mm = (mm_cap_page_2A*)&data[8];
+ if( modeSense( data, 0x2A ) && data.size() >= 8 ) {
+ const mm_cap_page_2A* mm = (mm_cap_page_2A const*)&data.at(8);
// MMC1 used byte 18 and 19 for the max write speed
if( data.size() > 19 )
diff --git a/libk3bdevice/k3bdevice.h b/libk3bdevice/k3bdevice.h
index 7149506..441e21e 100644
--- a/libk3bdevice/k3bdevice.h
+++ b/libk3bdevice/k3bdevice.h
@@ -462,8 +462,7 @@ namespace K3b {
bool cav = false ) const;
/**
- * if true is returned dataLen specifies the actual length of *data which needs to be
- * deleted after using.
+ * if true is returned \param data is resized.
*/
bool readDiscInformation( UByteArray& data ) const;
@@ -473,14 +472,12 @@ namespace K3b {
bool modeSelect( UByteArray& pageData, bool pf, bool sp ) const;
/**
- * if true is returned pageLen specifies the actual length of *pageData which needs to be
- * deleted after using.
+ * if true is returned \param pageData is resized.
*/
bool modeSense( UByteArray& pageData, int page ) const;
/**
- * if true is returned dataLen specifies the actual length of *data which needs to be
- * deleted after using.
+ * if true is returned \param data is resized.
*/
bool readTocPmaAtip( UByteArray& data, int format, bool msf, int track ) const;
@@ -495,8 +492,7 @@ namespace K3b {
bool readTrackInformation( UByteArray& data, int type, int value ) const;
/**
- * if true is returned dataLen specifies the actual length of *data which needs to be
- * deleted after using.
+ * if true is returned \param data is resized.
*/
bool readDiscStructure( UByteArray& data,
unsigned int mediaType = 0x0,
@@ -516,8 +512,7 @@ namespace K3b {
unsigned int agid = 0x0 ) const;
/**
- * if true is returned dataLen specifies the actual length of *data which needs to be
- * deleted after using.
+ * if true is returned \param data is resized.
*/
bool mechanismStatus( UByteArray& data ) const;
@@ -529,8 +524,7 @@ namespace K3b {
/**
- * if true is returned dataLen specifies the actual length of *data which needs to be
- * deleted after using.
+ * if true is returned \param data is resized.
*/
bool getPerformance( UByteArray& data,
unsigned int type,
diff --git a/libk3bdevice/k3bdevice_mmc.cpp b/libk3bdevice/k3bdevice_mmc.cpp
index 56cccd3..ab82bfa 100644
--- a/libk3bdevice/k3bdevice_mmc.cpp
+++ b/libk3bdevice/k3bdevice_mmc.cpp
@@ -707,10 +707,10 @@ bool K3b::Device::Device::modeSense( UByteArray& pageData, int page ) const
pageData.resize( pageLen );
::memset( pageData.data(), 0, pageData.size() );
- cmd[7] = pageLen>>8;
- cmd[8] = pageLen;
+ cmd[7] = pageData.size() >> 8;
+ cmd[8] = pageData.size();
if( cmd.transport( TR_DIR_READ, pageData.data(), pageData.size() ) == 0 ) {
- pageLen = qMin( pageLen, from2Byte( pageData.data() ) + 2 );
+ pageData.resize( qMin( pageData.size(), from2Byte( pageData.data() ) + 2 ) );
return true;
}
else {
diff --git a/libk3bdevice/k3bdeviceglobals.cpp b/libk3bdevice/k3bdeviceglobals.cpp
index 77ce52c..ca0098f 100644
--- a/libk3bdevice/k3bdeviceglobals.cpp
+++ b/libk3bdevice/k3bdeviceglobals.cpp
@@ -213,14 +213,14 @@ void K3b::Device::debugBitfield( unsigned char* data, long len )
}
-quint16 K3b::Device::from2Byte( unsigned char* d )
+quint16 K3b::Device::from2Byte( const unsigned char* d )
{
return ( (d[0] << 8 & 0xFF00) |
(d[1] & 0xFF) );
}
-quint32 K3b::Device::from4Byte( unsigned char* d )
+quint32 K3b::Device::from4Byte( const unsigned char* d )
{
return ( (d[0] << 24 & 0xFF000000) |
(d[1] << 16 & 0xFF0000) |
diff --git a/libk3bdevice/k3bdeviceglobals.h b/libk3bdevice/k3bdeviceglobals.h
index 2b05362..0a62cb0 100644
--- a/libk3bdevice/k3bdeviceglobals.h
+++ b/libk3bdevice/k3bdeviceglobals.h
@@ -35,8 +35,8 @@ namespace K3b {
LIBK3BDEVICE_EXPORT QString mediaTypeString( int, bool simplyfied = false );
LIBK3BDEVICE_EXPORT void debugBitfield( unsigned char* data, long len );
- LIBK3BDEVICE_EXPORT quint16 from2Byte( unsigned char* );
- LIBK3BDEVICE_EXPORT quint32 from4Byte( unsigned char* );
+ LIBK3BDEVICE_EXPORT quint16 from2Byte( const unsigned char* );
+ LIBK3BDEVICE_EXPORT quint32 from4Byte( const unsigned char* );
LIBK3BDEVICE_EXPORT char fromBcd( const char& );
LIBK3BDEVICE_EXPORT char toBcd( const char& );
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic