|
|
@@ -369,13 +369,13 @@ static ssize_t usbtmc_read(struct file *filp, char __user *buf,
|
|
|
{
|
|
|
struct usbtmc_device_data *data;
|
|
|
struct device *dev;
|
|
|
- unsigned long int n_characters;
|
|
|
+ u32 n_characters;
|
|
|
u8 *buffer;
|
|
|
int actual;
|
|
|
- int done;
|
|
|
- int remaining;
|
|
|
+ size_t done;
|
|
|
+ size_t remaining;
|
|
|
int retval;
|
|
|
- int this_part;
|
|
|
+ size_t this_part;
|
|
|
|
|
|
/* Get pointer to private data structure */
|
|
|
data = filp->private_data;
|
|
|
@@ -461,6 +461,18 @@ static ssize_t usbtmc_read(struct file *filp, char __user *buf,
|
|
|
(buffer[6] << 16) +
|
|
|
(buffer[7] << 24);
|
|
|
|
|
|
+ /* Ensure the instrument doesn't lie about it */
|
|
|
+ if(n_characters > actual - 12) {
|
|
|
+ dev_err(dev, "Device lies about message size: %zu > %zu\n", n_characters, actual - 12);
|
|
|
+ n_characters = actual - 12;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Ensure the instrument doesn't send more back than requested */
|
|
|
+ if(n_characters > this_part) {
|
|
|
+ dev_err(dev, "Device returns more than requested: %zu > %zu\n", done + n_characters, done + this_part);
|
|
|
+ n_characters = this_part;
|
|
|
+ }
|
|
|
+
|
|
|
/* Copy buffer to user space */
|
|
|
if (copy_to_user(buf + done, &buffer[12], n_characters)) {
|
|
|
/* There must have been an addressing problem */
|
|
|
@@ -471,6 +483,8 @@ static ssize_t usbtmc_read(struct file *filp, char __user *buf,
|
|
|
done += n_characters;
|
|
|
if (n_characters < USBTMC_SIZE_IOBUFFER)
|
|
|
remaining = 0;
|
|
|
+ else
|
|
|
+ remaining -= n_characters;
|
|
|
}
|
|
|
|
|
|
/* Update file position value */
|
Guus Sliepen