[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux1394-devel
Subject:    Re: libavc1394 possible memory corruption
From:       Stefan Richter <stefanr () s5r6 ! in-berlin ! de>
Date:       2008-10-22 23:16:50
Message-ID: 48FFB462.9030808 () s5r6 ! in-berlin ! de
[Download RAW message or body]

Stefan Richter wrote:
> On 22 Oct, Pieter Palmers wrote:
>> The MAX_RESPONSE_SIZE is defined as 512 bytes which is IMHO not 
>> sufficient. I have devices that send more.
[...]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

> IEEE 1394a-2000 clause 8.3.2.4 specifies the size of the FCP_RESPONSE
> register as 512 bytes.
> 
> The kernel checks this in drivers/ieee1394/csr.c:
> 
> static int write_fcp(struct hpsb_host *host, int nodeid, int dest,
> 		     quadlet_t *data, u64 addr, size_t length, u16 flags)
> {
>         int csraddr = addr - CSR_REGISTER_BASE;
> 
>         if (length > 512)
>                 return RCODE_TYPE_ERROR;

So as you can see, there will never ever get more than 512 bytes through 
to the application client.  If the application believes that it got 
more, does it perhaps mistake two subsequently received frames as one?
-- 
Stefan Richter
-=====-==--- =-=- =-===
http://arcgraph.de/sr/

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
mailing list linux1394-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux1394-devel
[prev in list] [next in list] [prev in thread] [next in thread]