driver_wext.c memcpy problem

Dmitry Shmidt dimitrysh
Mon May 4 10:50:13 PDT 2009


Hi Dan,

I see what you mean - 'pos' and 'dpos' are pointing to two different buffers
and overlapping should not happen.
After digging more, it seems that I have a combination of other problems.
Sorry for the wrong alert.

Thanks,

Dmitry

On Mon, May 4, 2009 at 7:26 AM, Dan Williams <dcbw at redhat.com> wrote:

> On Mon, 2009-05-04 at 01:12 -0400, Pavel Roskin wrote:
> > On Thu, 2009-04-30 at 16:42 -0700, Dmitry Shmidt wrote:
> > > Hi,
> > >
> > > > In driver_wext.c, in the following function, there is a memcpy that has
> > > > overlapping areas:
> > > struct wpa_scan_results * wpa_driver_wext_get_scan_results(void *priv)
> > > {
> > > ...
> > > if (wext_19_iw_point(drv, iwe->cmd)) {
> > >             /* WE-19 removed the pointer from struct iw_point */
> > >             char *dpos = (char *) &iwe_buf.u.data.length;
> > >             int dlen = dpos - (char *) &iwe_buf;
> > >             os_memcpy(dpos, pos + IW_EV_LCP_LEN,   <<<<<<<<<<
> > >                   sizeof(struct iw_event) - dlen);
> > >         } else {
> > >             os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
> > >             custom += IW_EV_POINT_OFF;
> > >         }
> > >  ...
> > > }
> > >
> > > It didn't work for me so I needed to exchange it with memmove() call.
> >
> > Actually, there is a function os_memmove() that should do it.
>
> Right, but I'd like to know how this was actually overlapping in the
> first place...  I tried to figure that out on Friday but the WEXT event
> code is impossible to understand.  I don't believe the memory *should*
> overlap, and thus this might be hiding a bug in the driver or kernel
> that the OP is using.
>
> This should just copy the iw_point structure (which is really just flags
> and length) into iwe_buf, no?
>
> Dan
>
> > > I am just curious how it worked for other people? Is it possible that
> > > most memcpy() lib functions know how to handle overlapping areas?
> >
> > Maybe it just iterates over the memory in the direction that we need.
> >
> > > Anyway it is not a mandatory memcpy() functionality.
> >
> > I agree.
> >
>
>
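An added example, not part of the original thread and not wpa_supplicant code: a copy helper that reports an overlapping memcpy() instead of silently tolerating it, applied to a copy shaped like the quoted WE-19 branch, so that aliasing between `pos` and the local event buffer is surfaced rather than hidden by memmove(). The structures, `EV_LCP_LEN`, `ranges_overlap`, `checked_memcpy` and `unpack_we19` are constructed stand-ins for illustration, not the real wireless extensions definitions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EV_LCP_LEN 4  /* stand-in for IW_EV_LCP_LEN: the len + cmd header */

/* Constructed stand-ins for struct iw_point / struct iw_event. */
struct ev_point { void *pointer; uint16_t length; uint16_t flags; };
struct ev {
    uint16_t len, cmd;
    union { struct ev_point data; char pad[16]; } u;
};

/* 1 if [a, a+n) and [b, b+n) share a byte, i.e. memcpy() would be undefined. */
static int ranges_overlap(const void *a, const void *b, size_t n)
{
    uintptr_t x = (uintptr_t) a, y = (uintptr_t) b;
    return n != 0 && (x < y ? y - x : x - y) < n;
}

/* Hypothetical helper: copy only when the two regions are disjoint. */
static int checked_memcpy(void *dst, const void *src, size_t n)
{
    if (ranges_overlap(dst, src, n))
        return -1;  /* report it; memmove() here would mask the aliasing */
    memcpy(dst, src, n);
    return 0;
}

/* Same shape as the quoted WE-19 branch: the wire event carries no pointer,
 * so length/flags are copied to their offset inside the aligned local struct. */
static int unpack_we19(struct ev *out, const char *pos)
{
    char *dpos = (char *) &out->u.data.length;
    size_t dlen = (size_t) (dpos - (char *) out);

    if (checked_memcpy(out, pos, EV_LCP_LEN) != 0)
        return -1;
    return checked_memcpy(dpos, pos + EV_LCP_LEN, sizeof(*out) - dlen);
}

int main(void)
{
    char wire[64] = { 8, 0, 0, 0, 32, 0, 1, 0 };  /* constructed event bytes */
    struct ev e = { 0 };
    return unpack_we19(&e, wire);
}
```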