[PATCH] idmouse cleanup and overflow fix
authorAl Viro <viro@ftp.linux.org.uk>
Sat, 29 Oct 2005 10:56:13 +0000 (11:56 +0100)
committerLinus Torvalds <torvalds@g5.osdl.org>
Sat, 29 Oct 2005 17:35:08 +0000 (10:35 -0700)
switched to simple_read_from_buffer(), killed broken use of min().
Incidentally, that use of min() had been fixed once, only to be
reintroduced in commit 4244f72436ab77c3c29a6447af81734ab3925d85:

    [PATCH] USB: upgrade of the idmouse driver

[snip]
-       if (count > IMGSIZE - *ppos)
-               count = IMGSIZE - *ppos;
+       count = min ((loff_t)count, IMGSIZE - (*ppos));

Note the lovely use of cast to shut the warning about misuse of min()
up...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
drivers/usb/misc/idmouse.c

index 3944a55ed74cecabdd1b9d24415f22bdc8e5069e..1dc3e0f73014eeb5efad58cb58193972738ed98e 100644 (file)
@@ -319,20 +319,8 @@ static ssize_t idmouse_read(struct file *file, char __user *buffer, size_t count
                return -ENODEV;
        }
 
-       if (*ppos >= IMGSIZE) {
-               up (&dev->sem);
-               return 0;
-       }
-
-       count = min ((loff_t)count, IMGSIZE - (*ppos));
-
-       if (copy_to_user (buffer, dev->bulk_in_buffer + *ppos, count)) {
-               result = -EFAULT;
-       } else {
-               result = count;
-               *ppos += count;
-       }
-
+       result = simple_read_from_buffer(buffer, count, ppos,
+                                       dev->bulk_in_buffer, IMGSIZE);
        /* unlock the device */
        up(&dev->sem);
        return result;