search for: buffer

The code was passing sizeof(char *) - not the length of the buffer - to memset. Change the function to take the length of the buffer as a parameter. Fixes the warning: argument to 'sizeof' in 'memset' call is the same expression as the destination; did you mean to provide an explicit length? Signed-off-by: Jonathan Boeing <jonathan.n.boeing a...

This is the 1st revision of the Advisory. This document can be found at: http://www.openssh.com/txt/buffer.adv 1. Versions affected: All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively. 2. Solution: Upgrade to OpenSSH 3.7 or...

...----------- Index: include/llvm/ADT/StringExtras.h =================================================================== --- include/llvm/ADT/StringExtras.h (revision 117247) +++ include/llvm/ADT/StringExtras.h (working copy) @@ -102,7 +102,7 @@ static inline std::string ftostr(double V) { char Buffer[200]; - sprintf(Buffer, "%20.6e", V); + snprintf(Buffer, sizeof(Buffer), "%20.6e", V); char *B = Buffer; while (*B == ' ') ++B; return B; Index: lib/System/Errno.cpp =================================================================== --- lib/System/Errno.cpp (...

These patches fix a few compiler warnings. Tested on top of commit aee0dc5565711ef5be7c30fb5fc1c5f3f98db09f Jonathan Boeing (6): Use z width specifier when printing size_t variable pxe: fix truncation warning gpllib: fix sizeof(char *) misuse hdt: fix sizeof(char *) misuse hdt: fix sizeof(char *) misuse hdt: fix sizeof(char *) misuse com32/gpllib/dmi/dmi.c | 24 +++---

Den 03.07.2019 10.32, skrev Thomas Zimmermann: > DRM clients, such as the fbdev emulation, have their buffer objects > mapped by default. Mapping a buffer implicitly prevents its relocation. > Hence, the buffer may permanently consume video memory while it's > allocated. This is a problem for drivers of low-memory devices, such as > ast, mgag200 or older framebuffer hardware, which will th...

...----- Forwarded message from Alex Lambert <alambert@quickfire.org> ----- 3.7.1 was just released. Two patches for similar issues in a very short timeframe. Who do they think they are -- Microsoft? <grin> apl -------- Original Message -------- Subject: OpenSSH Security Advisory: buffer.adv Date: Wed, 17 Sep 2003 01:13:30 +0200 From: Markus Friedl <markus@openbsd.org> To: misc@openbsd.org This is the 2nd revision of the Advisory. This document can be found at: http://www.openssh.com/txt/buffer.adv 1. Versions affected: All versions of OpenSSH's sshd prior to...

On Tue, Oct 20, 2020 at 02:20:44PM +0200, Thomas Zimmermann wrote: > Kernel DRM clients now store their framebuffer address in an instance > of struct dma_buf_map. Depending on the buffer's location, the address > refers to system or I/O memory. > > Callers of drm_client_buffer_vmap() receive a copy of the value in > the call's supplied arguments. It can be accessed and modified with >...

On Thu, Aug 14, 2014 at 12:34 PM, lvqcl <lvqcl.mail at gmail.com> wrote: > Jose Pablo Carballo <jose.carballo at ridgerun.com> wrote: > >> - channels = 2; >> - bps = 16; >> + channels = ((unsigned)buffer[23] << 8) | buffer[22]; >> + bps = ((unsigned)buffer[35] << 8) | buffer[34]; >> total_samples = (((((((unsigned)buffer[43] << 8) | buffer[42]) << 8) >> | buffer[41]) << 8) | buffer[40]) / 4; >> > > I suspect that the expression for total...

There was a theoretic race in this example: If the server was very fast at handling commands then it's possible that in a call such as: cookie = nbd_aio_pread_callback (..., callback, ...); buffers[i].cookie = cookie; nbd_aio_pread_callback finished and calls the callback before returning. buffers[i].cookie would therefore not be set, but the callback() function was checking the list of buffers for the cookie. This would have caused an abort() in the existing code, although we have never o...

DRM clients, such as the fbdev emulation, have their buffer objects mapped by default. Mapping a buffer implicitly prevents its relocation. Hence, the buffer may permanently consume video memory while it's allocated. This is a problem for drivers of low-memory devices, such as ast, mgag200 or older framebuffer hardware, which will then not have enough m...

This is the 1st revision of the Advisory. This document can be found at: http://www.openssh.com/txt/buffer.adv 1. Versions affected: All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively. 2. Solution: Upgrade to OpenSSH 3.7 or...

...kernel 3.7 rc2 [ 7128.389874] nouveau E[ PGRAPH][0000:08:00.0] DATA_ERROR XY_OUT_OF_BOUNDS [ 7128.389880] nouveau [ PGRAPH][0000:08:00.0] DATA_ERROR [ 7128.389884] nouveau E[ PGRAPH][0000:08:00.0] ch 13 [0x001ecb0000] subc 5 class 0x5039 mthd 0x0328 data 0x00000000 [ 7128.631253] [TTM] Illegal buffer object size [ 7128.631570] nouveau E[ PGRAPH][0000:08:00.0] DATA_ERROR XY_OUT_OF_BOUNDS [ 7128.631574] nouveau [ PGRAPH][0000:08:00.0] DATA_ERROR [ 7128.631578] nouveau E[ PGRAPH][0000:08:00.0] ch 13 [0x001ecb0000] subc 5 class 0x5039 mthd 0x0328 data 0x00000000 [ 7128.636579] [TTM] Illegal bu...

...the diff: Index: main.c =================================================================== --- main.c (revision 1) +++ main.c (working copy) @@ -39,7 +39,7 @@ #define READSIZE 1024 static unsigned total_samples = 0; /* can use a 32-bit number due to WAVE size limitations */ -static FLAC__byte buffer[READSIZE/*samples*/ * 2/*bytes_per_sample*/ * 2/*channels*/]; /* we read the WAVE data into here */ +static FLAC__byte buffer[READSIZE/*samples*/ * 3/*bytes_per_sample*/ * 2/*channels*/]; /* we read the WAVE data into here */ static FLAC__int32 pcm[READSIZE/*samples*/ * 2/*channels*/]; int main(...

These changes are based on Jason's latest hmm branch. Patch 1 was previously posted here [1] but was dropped from the orginal series. Hopefully, the tests will reduce concerns about edge conditions. I'm sure more tests could be usefully added but I thought this was a good starting point. [1] https://lore.kernel.org/linux-mm/20190726005650.2566-6-rcampbell at nvidia.com/ Ralph Campbell

...LL); return 0; } diff --git a/tools/testing/selftests/vm/hmm-tests.c b/tools/testing/selftests/vm/hmm-tests.c index e0fa864d03fa..d58a6f5280b7 100644 --- a/tools/testing/selftests/vm/hmm-tests.c +++ b/tools/testing/selftests/vm/hmm-tests.c @@ -1442,4 +1442,296 @@ TEST_F(hmm2, double_map) hmm_buffer_free(buffer); } +/* + * Migrate private anonymous huge empty page. + */ +TEST_F(hmm, migrate_anon_huge_empty) +{ + struct hmm_buffer *buffer; + unsigned long npages; + unsigned long size; + unsigned long i; + void *old_ptr; + void *map; + int *ptr; + int ret; + + size = TWOMEG; + + buffer = mall...

Kernel DRM clients now store their framebuffer address in an instance of struct dma_buf_map. Depending on the buffer's location, the address refers to system or I/O memory. Callers of drm_client_buffer_vmap() receive a copy of the value in the call's supplied arguments. It can be accessed and modified with dma_buf_map interfaces. Sign...

Previously discussed here: https://www.redhat.com/archives/libguestfs/2019-July/msg00213.html It turns out that deferring callbacks is a PITA. (It would be a bit easier if C has closures.) However by rewriting the example we can avoid the need to use the cookie at all and make it run a bit more efficiently, so let's do that instead. Rich.

...uption now seems too be solved with the patch (plus amendment) that I posted, so I am happy about that... but there is more. I have known for a while that ext3 doesn't behave very well when the journal fills up. If it finds that the journal is full, and the oldest transaction still has dirty buffers, the checkpoint code (log_do_checkpoing) will, despite comments to the contrary, flush out *all* dirty buffers that are attached to the journal, and will wait for all of them to be written to disc. This can cause my fileserver to pause for a number of seconds while the journal empties, which is v...

Kernel DRM clients now store their framebuffer address in an instance of struct dma_buf_map. Depending on the buffer's location, the address refers to system or I/O memory. Callers of drm_client_buffer_vmap() receive a copy of the value in the call's supplied arguments. It can be accessed and modified with dma_buf_map interfaces. Sign...

...: 16492 ACK User-Agent: Grandstream GXV3000 1.1.3.29 Max-Forwards: 69 Allow: INVITE,ACK,CANCEL,BYE,NOTIFY,REFER,OPTIONS,INFO,SUBSCRIBE,UPDATE,PRACK Content-Length: 0 <-------------> --- (14 headers 0 lines) --- [Mar 18 11:55:50] NOTICE[13512]: app_meetme.c:1918 conf_run: Audio bytes: 726 Buffer size: 320 [Mar 18 11:55:50] NOTICE[13512]: app_meetme.c:1918 conf_run: Audio bytes: 320 Buffer size: 726 [Mar 18 11:55:50] NOTICE[13512]: app_meetme.c:1918 conf_run: Audio bytes: 930 Buffer size: 320 [Mar 18 11:55:50] NOTICE[13512]: app_meetme.c:1918 conf_run: Audio bytes: 320 Buffer size: 93...