From nobody@FreeBSD.org  Thu Mar 30 05:12:14 2000
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id A0E3C37B739
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 30 Mar 2000 05:12:14 -0800 (PST)
	(envelope-from nobody@FreeBSD.org)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id FAA23194;
	Thu, 30 Mar 2000 05:12:14 -0800 (PST)
	(envelope-from nobody@FreeBSD.org)
Message-Id: <200003301312.FAA23194@freefall.freebsd.org>
Date: Thu, 30 Mar 2000 05:12:14 -0800 (PST)
From: stake@po.shiojiri.ne.jp
Sender: nobody@FreeBSD.org
To: freebsd-gnats-submit@FreeBSD.org
Subject: es_callback() in /sys/pci/es1370.c does not check play_speed
X-Send-Pr-Version: www-1.0

>Number:         17688
>Category:       kern
>Synopsis:       es_callback() in /sys/pci/es1370.c does not check play_speed
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    greid
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 30 05:20:01 PST 2000
>Closed-Date:    Thu Jul 12 18:46:06 PDT 2001
>Last-Modified:  Thu Jul 12 18:46:19 PDT 2001
>Originator:     Takefumi SAYO
>Release:        FreeBSD 3.4-RELEASE
>Organization:
personal
>Environment:
FreeBSD vipal5.my.domain 3.4-RELEASE FreeBSD 3.4-RELEASE #8: Thu Mar 30 20:52:00 JST 2000     alan@vipal5.my.domain:/usr/src/sys/compile/VIPAL5  i386
>Description:
es_callback() in /sys/pci/es1370.c does not check play_speed,
so an invalid ioctl() causes an integer divide fault in kernel mode.
>How-To-Repeat:
Set 0 as SNDCTL_DSP_SPEED:

  speed = 0;
  ioctl(fd, SNDCTL_DSP_SPEED, &speed);

>Fix:
Here is a temporary patch to avoid this problem.

*** /sys/pci/es1370.c.orig      Wed Nov 17 04:17:50 1999
--- /sys/pci/es1370.c   Thu Mar 30 20:51:42 2000
***************
*** 753,759 ****
                es1371_dac1_rate(d,d->play_speed,1); /* codec FM DAC */ /* NOT used */
                es1371_adc_rate(d, d->rec_speed, 1); /* record */
          } else /* 1370 */ {
!           es->ctrl = (es->ctrl & ~CTRL_PCLKDIV) | (DAC2_SRTODIV(d->play_speed) << CTRL_SH_PCLKDIV);
          }
                snd_set_blocksize(d);
  
--- 753,767 ----
                es1371_dac1_rate(d,d->play_speed,1); /* codec FM DAC */ /* NOT used */
                es1371_adc_rate(d, d->rec_speed, 1); /* record */
          } else /* 1370 */ {
!               int play_speed;
! 
!               play_speed = d->play_speed;
!               RANGE(play_speed, 4000, 48000);
!               if ((es_debug > 0) && (play_speed != d->play_speed))
!                       printf("es_callback play_speed modified %d -> %d\n",
!                               d->play_speed, play_speed);
!               d->play_speed = play_speed;
!               es->ctrl = (es->ctrl & ~CTRL_PCLKDIV) | (DAC2_SRTODIV(d->play_speed) << CTRL_SH_PCLKDIV);
          }
                snd_set_blocksize(d);
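
Review bot: the RANGE(play_speed, 4000, 48000) clamp sits only in the "else /* 1370 */" branch, directly before DAC2_SRTODIV(d->play_speed), so the 1371 branch above still hands d->play_speed and d->rec_speed unchecked to es1371_dac1_rate() and es1371_adc_rate(). If those routines also divide by the rate, a zero set through the same ioctl stays reachable there, and d->rec_speed is not range-checked anywhere in this hunk. Consider validating the value once at the point where SNDCTL_DSP_SPEED is accepted, before it is stored in d->play_speed or d->rec_speed, so that every consumer sees an in-range rate. As written, the correction is also silent unless es_debug > 0, so a caller that asked for 0 gets no indication that d->play_speed was rewritten. Two smaller points: the local play_speed copy exists only to feed the debug printf, and the 4000 and 48000 bounds would read better as named constants with a comment saying where the limits come from.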


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->cg 
Responsible-Changed-By: phk 
Responsible-Changed-When: Wed Jun 6 13:41:24 PDT 2001 
Responsible-Changed-Why:  
Sound dude is Cameron... 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=17688 
State-Changed-From-To: open->feedback 
State-Changed-By: greid 
State-Changed-When: Thu Jul 12 18:38:45 PDT 2001 
State-Changed-Why:  
Is this still a problem with the newpcm sources? 


Responsible-Changed-From-To: cg->greid 
Responsible-Changed-By: greid 
Responsible-Changed-When: Thu Jul 12 18:38:45 PDT 2001 
Responsible-Changed-Why:  
This isn't a newpcm problem and hence not Cameron's. I'll deal with feedback. 

State-Changed-From-To: feedback->closed 
State-Changed-By: greid 
State-Changed-When: Thu Jul 12 18:46:06 PDT 2001 
State-Changed-Why:  
Mail to originator bounces. 

>Unformatted:
