From ffe300107d931c5cde5383db420b90e856db84ed Mon Sep 17 00:00:00 2001 From: Mauro Carvalho Chehab Date: Thu, 4 Dec 2014 14:48:42 -0200 Subject: [media] stv090x: add an extra protetion against buffer overflow As pointed by smatch: drivers/media/dvb-frontends/stv090x.c:2787 stv090x_optimize_carloop() error: buffer overflow 'car_loop_apsk_low' 11 <= 13 drivers/media/dvb-frontends/stv090x.c:2789 stv090x_optimize_carloop() error: buffer overflow 'car_loop_apsk_low' 11 <= 13 drivers/media/dvb-frontends/stv090x.c:2791 stv090x_optimize_carloop() error: buffer overflow 'car_loop_apsk_low' 11 <= 13 drivers/media/dvb-frontends/stv090x.c:2793 stv090x_optimize_carloop() error: buffer overflow 'car_loop_apsk_low' 11 <= 13 drivers/media/dvb-frontends/stv090x.c:2795 stv090x_optimize_carloop() error: buffer overflow 'car_loop_apsk_low' 11 <= 13 The situation of a buffer overflow won't happen, in practice, with the current values of car_loop table. Yet, the entire logic that checks for those registration values is too complex. So, better to add an explicit check, just in case someone changes the car_loop tables causing a buffer overflow by mistake. This also helps to remove several smatch warnings, with is good. Signed-off-by: Mauro Carvalho Chehab --- drivers/media/dvb-frontends/stv090x.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'drivers/media') diff --git a/drivers/media/dvb-frontends/stv090x.c b/drivers/media/dvb-frontends/stv090x.c index bce9cc1..0b2a934 100644 --- a/drivers/media/dvb-frontends/stv090x.c +++ b/drivers/media/dvb-frontends/stv090x.c @@ -2783,6 +2783,12 @@ static u8 stv090x_optimize_carloop(struct stv090x_state *state, enum stv090x_mod aclc = car_loop[i].crl_pilots_off_30; } } else { /* 16APSK and 32APSK */ + /* + * This should never happen in practice, except if + * something is really wrong at the car_loop table. + */ + if (i >= 11) + i = 10; if (state->srate <= 3000000) aclc = car_loop_apsk_low[i].crl_pilots_on_2; else if (state->srate <= 7000000) -- cgit v1.1