author | Stefan Richter <stefanr@s5r6.in-berlin.de> | 2008-10-18 01:25:30 +0200 |
---|---|---|
committer | Dan Dennedy <dan@dennedy.org> | 2008-10-28 22:56:48 -0700 |
commit | 7b8d2703525b40c743456c4bb2e129ae515c55bb (patch) | |
tree | a5832c8b7af04336f2e347a880632adbce004891 | |
parent | 0bf8132319fe11e5d63d3757b7dcf6a8f5745400 (diff) | |
download | libraw1394-7b8d2703525b40c743456c4bb2e129ae515c55bb.tar.gz |
Fix segfault in juju's handle_arm_request
The buffer pointers were uninitialized, leading to segfault in memcpy.
Bug report and initial version of the fix by Adrian Knoth.
Signed-off-by: Dan Dennedy <dan@dennedy.org>
-rw-r--r-- | src/fw.c | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -773,10 +773,12 @@ handle_arm_request(raw1394handle_t handle, struct address_closure *ac,
 }
 rrb->request.generation = fwhandle->reset.generation;
 rrb->request.buffer_length = in_length;
+ rrb->request.buffer = rrb->data;
 memcpy(rrb->request.buffer, request->data, in_length);
 rrb->response.response_code = response.rcode;
 rrb->response.buffer_length = response.length;
+ rrb->response.buffer = rrb->data + in_length;
 memcpy(rrb->response.buffer, allocation->data + offset, response.length); |
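Review bot: The two added assignments set up an implicit layout of `rrb->data` (request payload at offset 0, response payload at `in_length`) that nothing in the hunk documents or checks. Both `memcpy` calls are only in bounds if `rrb` was allocated with at least `in_length + response.length` bytes behind `data`, and the second also needs `offset + response.length` to stay inside `allocation->data`. The allocation and any such checks are outside this hunk, as are the start and end of `handle_arm_request`, so this should be confirmed there. I would add a comment above the first assignment such as `/* rrb->data = request payload (in_length bytes) followed by response payload (response.length bytes) */` so the sizing requirement stays tied to these pointers.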