leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
525cac7574
linux/drivers/media/pci
History
Daniel Scheller 525cac7574 media: ddbridge/mci: protect against out-of-bounds array access in stop() 
In stop(), an (unlikely) out-of-bounds write error can occur when setting
the demod_in_use element indexed by state->demod to zero, as state->demod
isn't checked for being in the range of the array size of demod_in_use, and
state->demod maybe carrying the magic 0xff (demod unused) value. Prevent
this by checking state->demod not exceeding the array size before setting
the element value. To make the code a bit easier to read, replace the magic
value and the number of array elements with defines, and use them at a few
more places.

Detected by CoverityScan, CID#1468550 ("Out-of-bounds write")

Thanks to Colin for reporting the problem and providing an initial patch.

Fixes: daeeb1319e ("media: ddbridge: initial support for MCI-based MaxSX8 cards")

Reported-by: Colin Ian King <colin.king@canonical.com>
Cc: Ralph Metzler <rjkm@metzlerbros.de>
Signed-off-by: Daniel Scheller <d.scheller@gmx.net>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
2018-05-28 17:43:20 -04:00
..
b2c2 media: move dvb kAPI headers to include/media 2017-12-28 13:16:01 -05:00
bt8xx Linux 4.17-rc4 2018-05-10 07:19:23 -04:00
cobalt media: cobalt: add SPDX license info 2018-02-14 13:15:33 -05:00
cx18 media: s5h14*.h: fix typos for CONTINUOUS 2018-03-06 05:15:02 -05:00
cx88 Linux 4.17-rc4 2018-05-10 07:19:23 -04:00
cx23885 media: cx23885: Add some missing register documentation 2018-05-11 11:29:53 -04:00
cx25821 media: cx25821: prevent out-of-bounds read on array card 2018-02-26 08:00:06 -05:00
ddbridge media: ddbridge/mci: protect against out-of-bounds array access in stop() 2018-05-28 17:43:20 -04:00
dm1105 media: move dvb kAPI headers to include/media 2017-12-28 13:16:01 -05:00
dt3155 media: Remove depends on HAS_DMA in case of platform dependency 2018-05-28 16:17:08 -04:00
intel media: Remove depends on HAS_DMA in case of platform dependency 2018-05-28 16:17:08 -04:00
ivtv media: ivtvfb: Cleanup some warnings 2018-03-23 06:56:15 -04:00
mantis media: mantis: prevent staying forever in a loop at IRQ 2018-04-17 05:50:05 -04:00
meye media: meye: allow building it with COMPILE_TEST on non-x86 2018-05-05 11:41:58 -04:00
netup_unidvb media: move dvb kAPI headers to include/media 2017-12-28 13:16:01 -05:00
ngene media: ngene: fix ci_tsfix modparam description typo 2018-05-05 09:43:54 -04:00
pluto2 media: fix usage of whitespaces and on indentation 2018-01-04 13:12:01 -05:00
pt1 media: Use ktime_set() in pt1.c 2018-05-09 16:30:17 -04:00
pt3 media: Revert cleanup ktime_set() usage 2018-05-09 16:31:06 -04:00
saa7134 Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-04-06 11:07:08 -07:00
saa7146 media: replace all <spaces><tab> occurrences 2018-01-04 13:15:05 -05:00
saa7164 media: saa7164: Fix driver name in debug output 2018-05-09 16:27:41 -04:00
smipcie media: move dvb kAPI headers to include/media 2017-12-28 13:16:01 -05:00
solo6x10 media: Remove depends on HAS_DMA in case of platform dependency 2018-05-28 16:17:08 -04:00
sta2x11 media: Remove depends on HAS_DMA in case of platform dependency 2018-05-28 16:17:08 -04:00
ttpci media: ttpci: improve printing of encoded MAC address 2018-03-22 06:16:23 -04:00
tw68 media: tw68: fix kernel-doc markups 2017-11-30 04:18:56 -05:00
tw686x media: tw686x: Fix incorrect vb2_mem_ops GFP flags 2018-05-28 16:21:41 -04:00
tw5864 media: Remove depends on HAS_DMA in case of platform dependency 2018-05-28 16:17:08 -04:00
Kconfig media: zoran: move to staging in preparation for removal 2018-05-25 15:21:36 -04:00
Makefile media: zoran: move to staging in preparation for removal 2018-05-25 15:21:36 -04:00