LinuxQuestions.org
Old 10-24-2012, 03:47 AM   #1
zobin
LQ Newbie
 
Registered: Dec 2011
Location: China
Posts: 5

Rep: Reputation: 0
What can change integer 'retd'? (eeprom)


int platrom_write_check( struct file *filp, const char *buf, size_t count, loff_t *fpos )
{
    LONG cnt, ret, pos;
    char * ptr;
    int same;

    pos = *fpos;    /* start offset, reused for the read-back */
    for (cnt = 0; cnt < 3; cnt++)
    {
        ret = platrom_write(filp, buf, count, fpos);
        printk("1 write %d bytes\n", ret);//880
        ptr = (char *)kmalloc(ret, GFP_KERNEL);
        if (!ptr)
            return -ENOMEM;    /* kmalloc can fail */
        printk("2 write %d bytes\n", ret);//880
        platrom_read(filp, ptr, ret, &pos);
        printk("3 write %d bytes\n", ret);//0
        same = !strncmp(ptr, buf, ret);
        kfree(ptr);    /* free on every pass so retries and the error path do not leak */
        if (same)
        {
            printk("4 write %d bytes\n", ret);//0
            break;
        }
    }
    if (cnt == 3)
    {
        return -EIO;
    }
    printk("write %d bytes.....\n", ret);//0
    return ret;
}
--------------------------------------------------------
The printed result is 880 880 0 0 0; how can ret be changed to '0' at step 3?
Thanks!
 
Old 10-24-2012, 04:09 AM   #2
eSelix
Senior Member
 
Registered: Oct 2009
Location: Wroclaw, Poland
Distribution: Arch, Kubuntu
Posts: 1,218

Rep: Reputation: 307
The platrom_read() function can change it if the 3rd argument is passed by reference. I assume it returns that way how many bytes were really read; you should check this and react accordingly. Please use CODE tags around your source for better readability.

Last edited by eSelix; 10-24-2012 at 04:12 AM.
 
Old 10-24-2012, 04:17 AM   #3
zobin
LQ Newbie
 
Registered: Dec 2011
Location: China
Posts: 5

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by eSelix
The platrom_read() function can change it if the 3rd argument is passed by reference. I assume it returns that way how many bytes were really read; you should check this and react accordingly. Please use CODE tags around your source for better readability.

Hi, 'ret' is not a reference, just a local variable. platrom_read() changed its value, but I don't know how. The following is the code of platrom_read():

int platrom_read( struct file *filp, char *buf, size_t count, loff_t *fpos )
{
    int RET;
    unsigned char * pCurs;
    BYTE bFirstWriteLen;

    _lCurPtrPos = *fpos;
    RET = count;

    if((_lCurPtrPos + RET) > 0x10000)
    {
        RET = 0x10000 -_lCurPtrPos;
    }

    I2C_Start_COMM();
    I2C_ROM_SetDEVAddress(EEPROM_W);
    I2C_Set_Address(_lCurPtrPos);
    I2C_Stop_COMM();

    count = RET;
    pCurs = (unsigned char *) buf;
    if ((_lCurPtrPos & ~ROM_PAGE_MASK) && ((_lCurPtrPos & ROM_PAGE_MASK) != ((_lCurPtrPos + RET) & ROM_PAGE_MASK)))
    {
        bFirstWriteLen = ROM_PAGE_SIZE - (_lCurPtrPos & ~ROM_PAGE_MASK);
        if(AT24C512_BlockRead(_lCurPtrPos, pCurs, bFirstWriteLen))
        {
            return -EIO;
        }
        count -= bFirstWriteLen;
        pCurs += bFirstWriteLen;
    }
    if(AT24C512_BlockRead(_lCurPtrPos, pCurs, count))
    {
        return -EIO;
    }

    *fpos = _lCurPtrPos;

    return RET;
}
 
Old 10-24-2012, 05:43 AM   #4
eSelix
Senior Member
 
Registered: Oct 2009
Location: Wroclaw, Poland
Distribution: Arch, Kubuntu
Posts: 1,218

Rep: Reputation: 307
There is a possibility that the memory occupied by the "ret" variable in the platrom_write_check() function is rewritten by platrom_read() due to an overflow. If you use a debugger, make a breakpoint on writes to the "ret" address, or step through platrom_read() watching when the data at the memory address of "ret" is changed. If not, then print out this data in platrom_read() after each suspected instruction (where a pointer is used). I suspect overflowing "_lCurPtrPos".
 
1 members found this post helpful.
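
One mechanism consistent with the overwrite described in post #4, as an added example that is not code from the thread: a callee stores a 64-bit offset through a pointer to a caller's 32-bit local. It assumes `LONG` is 32 bits wide and `loff_t` is 64 bits on the poster's platform, which the thread does not state; `struct frame`, `store_offset` and both `ret_after_*` functions are hypothetical names, and the struct models `pos` and `ret` lying next to each other on a little-endian machine.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the caller's locals: a 32-bit 'pos' directly
 * followed by a 32-bit 'ret'. A real stack layout is compiler-specific;
 * the struct only makes the adjacency explicit and well-defined. */
struct frame {
    int32_t pos;   /* stands in for 'LONG pos' (assumed 32-bit) */
    int32_t ret;   /* stands in for 'LONG ret' */
};

/* Stand-in for a callee that ends with '*fpos = position': it stores a
 * full 64-bit offset at whatever address it was handed. */
static void store_offset(void *fpos, int64_t position)
{
    memcpy(fpos, &position, sizeof position);   /* always 8 bytes */
}

/* Mismatched call: the address of the 4-byte 'pos' is passed where an
 * 8-byte object is expected, so the upper half (zero here) lands in 'ret'. */
int32_t ret_after_mismatched_call(int32_t ret_before, int64_t position)
{
    struct frame f = { .pos = 0, .ret = ret_before };
    store_offset(&f, position);   /* &f is also the address of f.pos */
    return f.ret;
}

/* Corrected call: hand the callee a local of the width it writes,
 * then narrow the result explicitly. */
int32_t ret_after_matched_call(int32_t ret_before, int64_t position)
{
    struct frame f = { .pos = 0, .ret = ret_before };
    int64_t wide_pos = f.pos;
    store_offset(&wide_pos, position);
    f.pos = (int32_t)wide_pos;
    return f.ret;
}

int main(void)
{
    printf("mismatched: ret = %d\n", (int)ret_after_mismatched_call(880, 880));
    printf("matched:    ret = %d\n", (int)ret_after_matched_call(880, 880));
    return 0;
}
```

A compiler's incompatible-pointer-type warning on a call such as `platrom_read(filp, ptr, ret, &pos)` is the build-time signal for this kind of width mismatch.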
Old 10-24-2012, 08:16 PM   #5
zobin
LQ Newbie
 
Registered: Dec 2011
Location: China
Posts: 5

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by eSelix
There is a possibility that the memory occupied by the "ret" variable in the platrom_write_check() function is rewritten by platrom_read() due to an overflow. If you use a debugger, make a breakpoint on writes to the "ret" address, or step through platrom_read() watching when the data at the memory address of "ret" is changed. If not, then print out this data in platrom_read() after each suspected instruction (where a pointer is used). I suspect overflowing "_lCurPtrPos".

You are right, thanks!
 
  

