https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207786
Bug ID: 207786
Summary: gpioiic_callback() dereferences IIC "how" argument
incorrectly
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: freebsd-bugs@FreeBSD.org
Reporter: ch...@triularity.org
Created attachment 167825
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=167825&action=edit
Patch file for sys/dev/gpio/gpioiic.c
Instead of casting the "data" parameter to an int pointer and dereferencing, it
dereferences the caddr_t (a char *) and then casts that value to an int.
Currently, on little-endian systems it happens to work as expected, but is
broken for other hardware.
gpioiic_callback(device_t dev, int index, caddr_t data)
{
struct gpioiic_softc *sc = device_get_softc(dev);
int error, how;
how = GPIOBUS_DONTWAIT;
if (data != NULL && (int)*data == IIC_WAIT)
how = GPIOBUS_WAIT;
error = 0;
switch (index) {
case IIC_REQUEST_BUS:
error = GPIOBUS_ACQUIRE_BUS(sc->sc_busdev, sc->sc_dev, how);
break;
Patch file included.
Side note: To increase efficiency, it could be changed to an if/else setting of
"how" and moved into the IIC_REQUEST_BUS switch entry, as only that code uses
it.
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-bugs@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
