PC Console /dev/speaker bug

Peter Wemm (peter@haywire.DIALix.COM)
Fri, 14 Oct 1994 18:13:18 +0800 (WST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Bill Heiser: "Re: finger-bombing"
Previous message: Ivan Kopacik: "Re: Internet worm question?"

Just to throw off the conversation of politics, source code
publication, and network counter-attacks with finger or sidewinder
etc..  Here's a bug that might actually fit the charter of the
list.. :-)

Eric Raymond wrote a device driver for SYSV/386 boxes for the console
speaker.  It runs on system V release 3.2 and above.

It's also (apparently) been ported to FreeBSD and/or NetBSD as
"pcspkr" I think.

Try this after a few 'sync's:

echo '>a>a>a>a>a>a>a>a>a>a>a>a>a>a>a>a>a>a>a>a>a>a>a>a>a>a>a' > /dev/speaker

There's a bug in the code that checks for the upper limit of the
octave counter, which is what the '>' does.  This raises the octave
and plays an 'a' note.

Only catch is.. there's only 6 octaves, and the default is number 3.

You can raise it to 24 or so.. Which causes an access outside of the
note frequency divisor table.  If you keep raising it, the chances of
finding a '0' in the data following the table in memory are good.
Divide by zero.. panic...

>From memory (I've lost the original code) the fix is something like
this:

long notetable[] = { ..... };

if (oct++ >  sizeof(notetable) ) {
	oct--;
	return;
}

This is a subtle error, try changing it to something like this:

if (oct++ > ( sizeof(notetable) / sizeof(notetable[0]) ) {
	oct--;
	return;
}


Naturally, you'd be advised to make the appropriate fixes for your
version if you have it installed, or just disable the driver until a
fix is found.

[look for it on archie as 'speaker.shar' or 'speaker.tar' from memory]

-Peter

Next message: Bill Heiser: "Re: finger-bombing"
Previous message: Ivan Kopacik: "Re: Internet worm question?"