| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/usb/usb_device.h" | 5 #include "chrome/browser/usb/usb_device.h" |
| 6 | 6 |
| 7 #include "base/stl_util.h" | 7 #include "base/stl_util.h" |
| 8 #include "base/synchronization/lock.h" | 8 #include "base/synchronization/lock.h" |
| 9 #include "chrome/browser/usb/usb_service.h" | 9 #include "chrome/browser/usb/usb_service.h" |
| 10 #include "third_party/libusb/src/libusb/libusb.h" | 10 #include "third_party/libusb/src/libusb/libusb.h" |
| (...skipping 259 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 270 SubmitTransfer(transfer, USB_TRANSFER_INTERRUPT, buffer, length, callback); | 270 SubmitTransfer(transfer, USB_TRANSFER_INTERRUPT, buffer, length, callback); |
| 271 } | 271 } |
| 272 | 272 |
| 273 void UsbDevice::IsochronousTransfer(const TransferDirection direction, | 273 void UsbDevice::IsochronousTransfer(const TransferDirection direction, |
| 274 const uint8 endpoint, net::IOBuffer* buffer, const size_t length, | 274 const uint8 endpoint, net::IOBuffer* buffer, const size_t length, |
| 275 const unsigned int packets, const unsigned int packet_length, | 275 const unsigned int packets, const unsigned int packet_length, |
| 276 const unsigned int timeout, const UsbTransferCallback& callback) { | 276 const unsigned int timeout, const UsbTransferCallback& callback) { |
| 277 CheckDevice(); | 277 CheckDevice(); |
| 278 | 278 |
| 279 const uint64 total_length = packets * packet_length; | 279 const uint64 total_length = packets * packet_length; |
| 280 if (total_length > length) { | 280 CHECK(packets <= length && total_length <= length) << |
| 281 callback.Run(USB_TRANSFER_LENGTH_SHORT, NULL, 0); | 281 "transfer length is too small"; |
| 282 return; | |
| 283 } | |
| 284 | 282 |
| 285 struct libusb_transfer* const transfer = libusb_alloc_transfer(packets); | 283 struct libusb_transfer* const transfer = libusb_alloc_transfer(packets); |
| 286 const uint8 new_endpoint = ConvertTransferDirection(direction) | endpoint; | 284 const uint8 new_endpoint = ConvertTransferDirection(direction) | endpoint; |
| 287 libusb_fill_iso_transfer(transfer, handle_, new_endpoint, | 285 libusb_fill_iso_transfer(transfer, handle_, new_endpoint, |
| 288 reinterpret_cast<uint8*>(buffer->data()), length, packets, | 286 reinterpret_cast<uint8*>(buffer->data()), length, packets, |
| 289 HandleTransferCompletion, this, timeout); | 287 HandleTransferCompletion, this, timeout); |
| 290 libusb_set_iso_packet_lengths(transfer, packet_length); | 288 libusb_set_iso_packet_lengths(transfer, packet_length); |
| 291 | 289 |
| 292 SubmitTransfer(transfer, USB_TRANSFER_ISOCHRONOUS, buffer, length, callback); | 290 SubmitTransfer(transfer, USB_TRANSFER_ISOCHRONOUS, buffer, length, callback); |
| 293 } | 291 } |
| (...skipping 12 matching lines...) Expand all Loading... |
| 306 transfer.buffer = buffer; | 304 transfer.buffer = buffer; |
| 307 transfer.length = length; | 305 transfer.length = length; |
| 308 transfer.callback = callback; | 306 transfer.callback = callback; |
| 309 | 307 |
| 310 { | 308 { |
| 311 base::AutoLock lock(lock_); | 309 base::AutoLock lock(lock_); |
| 312 transfers_[handle] = transfer; | 310 transfers_[handle] = transfer; |
| 313 libusb_submit_transfer(handle); | 311 libusb_submit_transfer(handle); |
| 314 } | 312 } |
| 315 } | 313 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 12096024:
Add validation to length, packets and packetLength parameters (Closed)
Base URL: https://src.chromium.org/chrome/trunk/src/