Re: uimove works only if null terminated string is writen
- Subject: Re: uimove works only if null terminated string is writen
- From: Jeremy Pereira <email@hidden>
- Date: Mon, 25 Sep 2006 15:55:24 +0100
Sending again from the correct account so it doesn't bounce.
Are you doing this on PowerPC architecture or i386?
On 25 Sep 2006, at 12:57, sanjay yaragatti wrote:
Hi all,
I had recently posted a mail asking about the
problems faced in dev_write of a character device using
uiomove. I am now able to print the data after doing
the uiomove() operation, i.e. print the data after
copying from user space to kernel space. I have
observed that the uiomove() API in the driver works only
when you write a null terminated string from the user
space application. How do I write a single character
from user space application which is not null
terminated?
write(device_fd, (char *)&c, 1); // doesn't work
write(device_fd, str, strlen(str)); // works fine
Here you are not writing the null character at the end of the string.
strlen(str) returns the number of characters before the first null.
Here is the sample user space application through
which I am writing to and reading from the driver.
#include <stdio.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
int main()
{
FILE *fp = NULL;
int device_fd = -1;
int c = 0; /* fgetc() returns an int */
char *retval = NULL;
ssize_t ret = -1;
char str[50] = {0};
char file_name[40] = {0};
const char *dev_name = "/dev/PLACEHOLDER"; /* device node; placeholder, the post does not give the real name */
printf("Enter the file name\n");
scanf("%s", file_name);
Here you have a potential buffer overflow exploit :-)
device_fd = open(dev_name, O_RDWR);
if (device_fd < 0)
{
printf("Device open failed\n");
return 1;
}
fp = fopen(file_name, "r");
if (fp == NULL)
{
printf("File open failed\n");
return 1;
}
//while ((c = fgetc(fp)) != EOF) // doesn't work
c is an int. i.e. 4 bytes
while ((retval = fgets(str, sizeof(str), fp)) != NULL)
{
//ret = write(device_fd, (char *)&c, 1); // doesn't work
On PowerPC, (char*)&c points to the high byte of c, probably a null
byte. On i386 it points to your character.
ret = write(device_fd, str, 10); // works fine
}
fclose(fp);
close(device_fd);
return 0;
}
e.g. on a PowerPC based Mac:
jeremyp@pamela:jeremyp$ cat >test_endian.c
#include <stdio.h>
int main ()
{
int c = 'X' ;
printf ("c = 0x%08x, *(char*)&c = 0x%02x, *((char*)&c + 3) = 0x%02x\n",
c,
(int) (*(char*)&c),
(int) (*((char*)&c + 3))) ;
return 0 ;
}
jeremyp@pamela:jeremyp$ cc test_endian.c
jeremyp@pamela:jeremyp$ ./a.out
c = 0x00000058, *(char*)&c = 0x00, *((char*)&c + 3) = 0x58
On an Intel based Mac the output looks like this:
c = 0x00000058, *(char*)&c = 0x58, *((char*)&c + 3) = 0x00
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
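The following program is an added example and is not part of the original thread or of either poster's code. It shows why `write(fd, (char *)&c, 1)` depends on byte order when `c` is an `int`, gives the portable way to hand a single byte from `fgetc()` to `write()` (copy it into a `char` first), and replaces the unbounded `scanf("%s", file_name)` with a bounded `fgets()` read. The function names `first_byte_in_memory`, `low_byte`, `host_is_little_endian`, `write_one_char` and `read_line_bounded` are the example's own; `main()` writes to stdout rather than to a device node so it runs anywhere.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Added example, not from the original thread. */

/* Non-portable: returns whatever byte sits at the lowest address of c.
 * On a big-endian CPU (PowerPC) that is the most significant byte, so for
 * c = 'X' it is 0x00; on little-endian (i386) it is 0x58.  This is what
 * write(fd, (char *)&c, 1) actually sends. */
unsigned char first_byte_in_memory(int c)
{
    unsigned char b;
    memcpy(&b, &c, 1);   /* same as *(unsigned char *)&c */
    return b;
}

/* Portable: value conversion keeps the low 8 bits regardless of byte
 * order, so 'X' becomes 0x58 on every architecture. */
unsigned char low_byte(int c)
{
    return (unsigned char)c;
}

/* 1 if the host stores the least significant byte first. */
int host_is_little_endian(void)
{
    return first_byte_in_memory(1) == 1;
}

/* Write exactly one byte taken from an int (e.g. the result of fgetc())
 * to fd.  Copying into a one-byte variable first is what the commented-out
 * loop in the thread was missing. */
ssize_t write_one_char(int fd, int c)
{
    unsigned char byte = low_byte(c);
    return write(fd, &byte, 1);
}

/* Bounded replacement for scanf("%s", file_name): reads at most size-1
 * characters into buf and strips the trailing newline, so an over-long
 * line cannot overflow the buffer.  Returns 1 on success, 0 on EOF/error. */
int read_line_bounded(char *buf, size_t size, FILE *in)
{
    if (fgets(buf, (int)size, in) == NULL)
        return 0;
    buf[strcspn(buf, "\n")] = '\0';
    return 1;
}

int main(void)
{
    int c = 'X';
    printf("host is %s-endian\n", host_is_little_endian() ? "little" : "big");
    printf("first byte in memory = 0x%02x, low byte = 0x%02x\n",
           first_byte_in_memory(c), low_byte(c));
    /* Send the character to stdout (fd 1) instead of a device node. */
    write_one_char(STDOUT_FILENO, c);
    write_one_char(STDOUT_FILENO, '\n');
    return 0;
}
```

On a PowerPC Mac `first_byte_in_memory('X')` prints `0x00` and on an Intel Mac `0x58`, matching the two outputs quoted above, while `low_byte('X')` is `0x58` on both; a driver that receives the byte from `write_one_char()` therefore sees the same data regardless of architecture.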