Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 30 Mar 2000 05:12:14 -0800 (PST)
From:      stake@po.shiojiri.ne.jp
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/17688: es_callback() in /sys/pci/es1370.c does not check play_speed
Message-ID:  <200003301312.FAA23194@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         17688
>Category:       kern
>Synopsis:       es_callback() in /sys/pci/es1370.c does not check play_speed
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 30 05:20:01 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     Takefumi SAYO
>Release:        FreeBSD 3.4-RELEASE
>Organization:
personal
>Environment:
FreeBSD vipal5.my.domain 3.4-RELEASE FreeBSD 3.4-RELEASE #8: Thu Mar 30 20:52:00 JST 2000     alan@vipal5.my.domain:/usr/src/sys/compile/VIPAL5  i386
>Description:
es_callback() in /sys/pci/es1370.c does not check play_speed,
so an invalid ioctl() causes integer divide fault in kernel mode.
>How-To-Repeat:
set 0 as SNDCTL_DSP_SPEED

  speed = 0;
  ioctl(fd, SNDCTL_DSP_SPEED, &speed);

>Fix:
Here is a temporary patch to avoid this problem.

*** /sys/pci/es1370.c.orig      Wed Nov 17 04:17:50 1999
--- /sys/pci/es1370.c   Thu Mar 30 20:51:42 2000
***************
*** 753,759 ****
                es1371_dac1_rate(d,d->play_speed,1); /* codec FM DAC */ /* NOT used */
                es1371_adc_rate(d, d->rec_speed, 1); /* record */
          } else /* 1370 */ {
!           es->ctrl = (es->ctrl & ~CTRL_PCLKDIV) | (DAC2_SRTODIV(d->play_speed) << CTRL_SH_PCLKDIV);
          }
                snd_set_blocksize(d);
  
--- 753,767 ----
                es1371_dac1_rate(d,d->play_speed,1); /* codec FM DAC */ /* NOT used */
                es1371_adc_rate(d, d->rec_speed, 1); /* record */
          } else /* 1370 */ {
!               int play_speed;
! 
!               play_speed = d->play_speed;
!               RANGE(play_speed, 4000, 48000);
!               if ((es_debug > 0) && (play_speed != d->play_speed))
!                       printf("es_callback play_speed modified %d -> %d\n",
!                               d->play_speed, play_speed);
!               d->play_speed = play_speed;
!               es->ctrl = (es->ctrl & ~CTRL_PCLKDIV) | (DAC2_SRTODIV(d->play_speed) << CTRL_SH_PCLKDIV);
          }
                snd_set_blocksize(d);


>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200003301312.FAA23194>