This is an automated email from the ASF dual-hosted git repository.

jerpelea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nuttx.git

commit bac0228825ee93af86b66ee1d69081f54b248d4c
Author: SPRESENSE <41312067+sprese...@users.noreply.github.com>
AuthorDate: Tue Dec 19 15:25:59 2023 +0900

    drivers/video/isx012: Fix buffer overrun of isx012_putreg()
    
    The maximum size of an ISX012 register is 4 bytes,
    so extend the temporary buffer size accordingly.
    
    Detected by CodeSonar 141893
---
 drivers/video/isx012.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/drivers/video/isx012.c b/drivers/video/isx012.c
index 5c4b69bb90..d612a689c7 100644
--- a/drivers/video/isx012.c
+++ b/drivers/video/isx012.c
@@ -216,7 +216,7 @@ typedef struct isx012_dev_s isx012_dev_t;
 static uint16_t isx012_getreg(FAR isx012_dev_t *priv,
                               uint16_t regaddr, uint16_t regsize);
 static int     isx012_putreg(FAR isx012_dev_t *priv, uint16_t regaddr,
-                             uint16_t regval, uint16_t regsize);
+                             uint32_t regval, uint16_t regsize);
 static int     isx012_putreglist(FAR isx012_dev_t *priv,
                          FAR const isx012_reg_t *reglist, size_t nentries);
 #ifdef ISX012_CHECK_IN_DETAIL
@@ -676,8 +676,8 @@ static uint16_t isx012_getreg(FAR isx012_dev_t *priv,
                               uint16_t regaddr, uint16_t regsize)
 {
   struct i2c_config_s config;
-  volatile uint16_t regval = 0;
-  volatile uint8_t buffer[2];
+  uint16_t regval = 0;
+  uint8_t buffer[2];
   int ret;
 
   /* Set up the I2C configuration */
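Review bot: `isx012_getreg()` keeps `uint8_t buffer[2]` and a `uint16_t` return type, and nothing in this hunk bounds `regsize`, although the commit message says an ISX012 register can be up to 4 bytes. The code that fills and copies `buffer` is outside the hunk, so this is inferred: if `regsize` is used as the I2C read or copy length, a caller passing 3 or 4 would overrun the 2-byte buffer in the same way the putreg path did. I would add a bound at the top of the function, for example `if (regsize > sizeof(buffer)) { return 0; }` together with `DEBUGASSERT(regsize <= sizeof(buffer));`. Alternatively, widen the buffer and return type to match the 4-byte maximum.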
@@ -719,12 +719,14 @@ static uint16_t isx012_getreg(FAR isx012_dev_t *priv,
 }
 
 static int isx012_putreg(FAR isx012_dev_t *priv,
-                         uint16_t regaddr, uint16_t regval, uint16_t regsize)
+                         uint16_t regaddr, uint32_t regval, uint16_t regsize)
 {
   struct i2c_config_s config;
-  volatile uint8_t buffer[4];
+  uint8_t buffer[6];
   int ret;
 
+  DEBUGASSERT(regsize <= 4);
+
   /* Set up the I2C configuration */
 
   config.frequency = priv->i2c_freq;
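Review bot: The added `DEBUGASSERT(regsize <= 4);` is the only bound on `regsize`, and DEBUGASSERT is normally compiled out when debug assertions are disabled, so a production build still has no check before `buffer[6]` is written. A runtime guard right after the assert would keep the overrun fix effective in all configurations, e.g. `if (regsize > sizeof(regval)) { return -EINVAL; }`. The size 6 appears to be the 2-byte `regaddr` plus up to 4 data bytes, so declaring it as `uint8_t buffer[sizeof(regaddr) + sizeof(regval)];` would tie the buffer size and the bound to the parameter types instead of two separate literals. The rest of the function body is outside the hunk, so how `buffer` is filled is inferred from the commit message.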
@@ -779,7 +781,7 @@ static int isx012_chk_int_state(FAR isx012_dev_t *priv,
                                 uint32_t wait_time, uint32_t timeout)
 {
   int ret = 0;
-  volatile uint8_t data;
+  uint8_t data;
   uint32_t time = 0;
 
   nxsig_usleep(delay_time * 1000);
