leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
525cac7574
linux/drivers/media/pci/ddbridge
History
Daniel Scheller 525cac7574 media: ddbridge/mci: protect against out-of-bounds array access in stop() 
In stop(), an (unlikely) out-of-bounds write error can occur when setting
the demod_in_use element indexed by state->demod to zero, as state->demod
isn't checked for being in the range of the array size of demod_in_use, and
state->demod maybe carrying the magic 0xff (demod unused) value. Prevent
this by checking state->demod not exceeding the array size before setting
the element value. To make the code a bit easier to read, replace the magic
value and the number of array elements with defines, and use them at a few
more places.

Detected by CoverityScan, CID#1468550 ("Out-of-bounds write")

Thanks to Colin for reporting the problem and providing an initial patch.

Fixes: daeeb1319e ("media: ddbridge: initial support for MCI-based MaxSX8 cards")

Reported-by: Colin Ian King <colin.king@canonical.com>
Cc: Ralph Metzler <rjkm@metzlerbros.de>
Signed-off-by: Daniel Scheller <d.scheller@gmx.net>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
2018-05-28 17:43:20 -04:00
..
ddbridge-ci.c media: ddbridge, cxd2099: include guard, fix unneeded NULL init, strings 2018-05-04 14:20:24 -04:00
ddbridge-ci.h media: ddbridge: move CI detach code to ddbridge-ci.c 2017-12-19 07:19:51 -05:00
ddbridge-core.c media: ddbridge: recognize and attach the MaxSX8 cards 2018-05-04 10:51:33 -04:00
ddbridge-hw.c media: ddbridge: add hardware defs and PCI IDs for MCI cards 2018-05-04 10:51:05 -04:00
ddbridge-hw.h media: ddbridge: remove ddb_info's from the global scope 2017-08-20 07:41:38 -04:00
ddbridge-i2c.c media: ddbridge: add helper for IRQ handler setup 2018-05-04 10:34:04 -04:00
ddbridge-i2c.h media: ddbridge: bump ddbridge code to version 0.9.29 2017-08-20 07:01:04 -04:00
ddbridge-io.h media: ddbridge: fix build warnings 2017-11-07 03:12:17 -05:00
ddbridge-main.c media: ddbridge: add hardware defs and PCI IDs for MCI cards 2018-05-04 10:51:05 -04:00
ddbridge-max.c media: ddbridge/max: implement MCI/MaxSX8 attach function 2018-05-04 10:49:57 -04:00
ddbridge-max.h media: ddbridge/max: implement MCI/MaxSX8 attach function 2018-05-04 10:49:57 -04:00
ddbridge-mci.c media: ddbridge/mci: protect against out-of-bounds array access in stop() 2018-05-28 17:43:20 -04:00
ddbridge-mci.h media: ddbridge/mci: protect against out-of-bounds array access in stop() 2018-05-28 17:43:20 -04:00
ddbridge-regs.h media: ddbridge, cxd2099: include guard, fix unneeded NULL init, strings 2018-05-04 14:20:24 -04:00
ddbridge.h media: ddbridge: set driver version to 0.9.33-integrated 2018-05-04 10:51:55 -04:00
Kconfig media: ddbridge: support dummy tuners with 125MByte/s dummy data stream 2018-05-04 10:43:48 -04:00
Makefile media: ddbridge: initial support for MCI-based MaxSX8 cards 2018-05-04 10:49:20 -04:00