drivers/media/video/bt866.c: array overflows

From: Adrian Bunk
Date: Mon Aug 14 2006 - 19:21:11 EST

Next message: Grant Coady: "Re: Strange write starvation on 2.6.17 (and other) kernels"
Previous message: Randy.Dunlap: "Re: [PATCH 0/4] aic7xxx: remove excessive inlining"
Next in thread: Martin Samuelsson: "Re: drivers/media/video/bt866.c: array overflows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The Coverity checker spotted the following two array overflows:

<-- snip -->

...
struct bt866 {
...
unsigned char reg[128];
...
}
...
static int bt866_do_command(struct bt866 *encoder,
unsigned int cmd, void *arg)
{
...
val = encoder->reg[0xdc];
...
bt866_write(encoder, 0xdc, val);
...
}
...
static int bt866_write(struct bt866 *encoder,
unsigned char subaddr, unsigned char data)
{
...
encoder->reg[subaddr] = data;
...
}
...

<-- snip -->

The two bugs are obvious:
0xdc = 220 >= 128

cu
Adrian

--

Gentoo kernels are 42 times more popular than SUSE kernels among
KLive users (a service by SUSE contractor Andrea Arcangeli that
gathers data about kernels from many users worldwide).

There are three kinds of lies: Lies, Damn Lies, and Statistics.
Benjamin Disraeli

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Grant Coady: "Re: Strange write starvation on 2.6.17 (and other) kernels"
Previous message: Randy.Dunlap: "Re: [PATCH 0/4] aic7xxx: remove excessive inlining"
Next in thread: Martin Samuelsson: "Re: drivers/media/video/bt866.c: array overflows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]