This is an automatically generated email to let you know that the following patch 
was queued at the 
http://git.linuxtv.org/media_tree.git tree:

Subject: [media] stv090x: add an extra protection against buffer overflow
Author:  Mauro Carvalho Chehab <[email protected]>
Date:    Thu Dec 4 14:48:42 2014 -0200

As pointed out by smatch:
        drivers/media/dvb-frontends/stv090x.c:2787 stv090x_optimize_carloop() error: buffer overflow 'car_loop_apsk_low' 11 <= 13
        drivers/media/dvb-frontends/stv090x.c:2789 stv090x_optimize_carloop() error: buffer overflow 'car_loop_apsk_low' 11 <= 13
        drivers/media/dvb-frontends/stv090x.c:2791 stv090x_optimize_carloop() error: buffer overflow 'car_loop_apsk_low' 11 <= 13
        drivers/media/dvb-frontends/stv090x.c:2793 stv090x_optimize_carloop() error: buffer overflow 'car_loop_apsk_low' 11 <= 13
        drivers/media/dvb-frontends/stv090x.c:2795 stv090x_optimize_carloop() error: buffer overflow 'car_loop_apsk_low' 11 <= 13

The situation of a buffer overflow won't happen, in practice,
with the current values of car_loop table. Yet, the entire logic
that checks for those registration values is too complex. So,
better to add an explicit check, just in case someone changes
the car_loop tables causing a buffer overflow by mistake.

This also helps to remove several smatch warnings, which is good.

Signed-off-by: Mauro Carvalho Chehab <[email protected]>

 drivers/media/dvb-frontends/stv090x.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

---

http://git.linuxtv.org/media_tree.git?a=commitdiff;h=ffe300107d931c5cde5383db420b90e856db84ed

diff --git a/drivers/media/dvb-frontends/stv090x.c 
b/drivers/media/dvb-frontends/stv090x.c
index bce9cc1..0b2a934 100644
--- a/drivers/media/dvb-frontends/stv090x.c
+++ b/drivers/media/dvb-frontends/stv090x.c
@@ -2783,6 +2783,12 @@ static u8 stv090x_optimize_carloop(struct stv090x_state 
*state, enum stv090x_mod
                                aclc = car_loop[i].crl_pilots_off_30;
                }
        } else { /* 16APSK and 32APSK */
+               /*
+                * This should never happen in practice, except if
+                * something is really wrong at the car_loop table.
+                */
+               if (i >= 11)
+                       i = 10;
                if (state->srate <= 3000000)
                        aclc = car_loop_apsk_low[i].crl_pilots_on_2;
                else if (state->srate <= 7000000)
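Review bot: the bound in `if (i >= 11)` and the fallback `i = 10;` are magic numbers that duplicate the length of car_loop_apsk_low, so the guard stops protecting anything if that table is ever resized, which is exactly the "someone changes the car_loop tables" case the commit message is worried about. Deriving both from the table, e.g. `if (i >= ARRAY_SIZE(car_loop_apsk_low))` and `i = ARRAY_SIZE(car_loop_apsk_low) - 1;`, keeps the check tied to the array it guards. The clamp is also silent: the comment says reaching it means something is really wrong with the table, so a one-time warning (WARN_ON_ONCE or a dprintk at error level) before falling back to the last entry would make that inconsistency visible instead of quietly selecting a carrier-loop value for the wrong row.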

_______________________________________________
linuxtv-commits mailing list
[email protected]
http://www.linuxtv.org/cgi-bin/mailman/listinfo/linuxtv-commits
