Hi Jeff,
Attached you'll find a patch that fixes a driver bug triggered when a
malformed string is passed to the 'devid' module parameter. The expected
format is:
"device_name:vendor_id:device_id:flags"
but it turned out people often type:
"somename::0"
instead of:
"somename:::0"
cheers,
Petko
--- drivers/net/usb/pegasus.c.orig 2008-01-09 12:16:52.000000000 +0200
+++ drivers/net/usb/pegasus.c 2008-01-09 12:16:58.000000000 +0200
@@ -1461,12 +1461,24 @@ static void parse_id(char *id)
if ((token = strsep(&id, ":")) != NULL)
name = token;
+ else
+ goto err;
/* name now points to a null terminated string*/
if ((token = strsep(&id, ":")) != NULL)
vendor_id = simple_strtoul(token, NULL, 16);
+ else
+ goto err;
+
if ((token = strsep(&id, ":")) != NULL)
device_id = simple_strtoul(token, NULL, 16);
- flags = simple_strtoul(id, NULL, 16);
+ else
+ goto err;
+
+ if (id != NULL)
+ flags = simple_strtoul(id, NULL, 16);
+ else
+ goto err;
+
pr_info("%s: new device %s, vendor ID 0x%04x, device ID 0x%04x, flags: 0x%x\n",
driver_name, name, vendor_id, device_id, flags);
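Review bot: The added checks only verify that four colon-separated fields are present; the `simple_strtoul(token, NULL, 16)` calls still accept an empty or non-hex token and silently yield 0 or a partially parsed value, so the `somename:::0` form from the description parses with vendor and device IDs of 0. Whether such values are rejected later is not visible here, because parse_id's body starts and ends outside this hunk. Consider passing an end pointer and rejecting unconsumed input, e.g. `vendor_id = simple_strtoul(token, &end, 16);` followed by `if (end == token || *end) goto err;`, and the same for device_id and flags. Note also that the first `else goto err;` can only fire when `id` is NULL on entry, since strsep() returns a non-NULL token whenever `*stringp` is non-NULL, so an empty name such as `":1:2:3"` still passes.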
@@ -1476,6 +1488,7 @@ static void parse_id(char *id)
return;
for (i=0; usb_dev_id[i].name; i++);
+
usb_dev_id[i].name = name;
usb_dev_id[i].vendor = vendor_id;
usb_dev_id[i].device = device_id;
@@ -1483,6 +1496,11 @@ static void parse_id(char *id)
pegasus_ids[i].match_flags = USB_DEVICE_ID_MATCH_DEVICE;
pegasus_ids[i].idVendor = vendor_id;
pegasus_ids[i].idProduct = device_id;
+
+ return;
+
+err:
+ pr_info("malformed 'devid' module parameter\n");
}
static int __init pegasus_init(void)
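Review bot: The failure message at the `err:` label is printed without the `driver_name` prefix that the success message in the first hunk carries, and at info level, so a rejected `devid` string is easy to overlook or misattribute in the kernel log. Consider `pr_info("%s: malformed 'devid' module parameter\n", driver_name);`, or a warning-level print if that matches the tree's conventions. A short comment above the label stating the expected `device_name:vendor_id:device_id:flags` format would also help the next reader, since the format is otherwise documented only in the patch description.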