Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. ivtv>
  3. devel
[PATCH] ivtv: Read buffer overflow
roel.kluin at gmail
Jul 23, 2009, 2:31 PM
Post #1 of 2 (2691 views)
Permalink
This mistakenly tests against sizeof(freqs) instead of the array size. Due to
the mask the only illegal value possible was 3.

Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
---
diff --git a/drivers/media/video/ivtv/ivtv-controls.c b/drivers/media/video/ivtv/ivtv-controls.c
index a3b77ed..4a9c8ce 100644
--- a/drivers/media/video/ivtv/ivtv-controls.c
+++ b/drivers/media/video/ivtv/ivtv-controls.c
@@ -17,6 +17,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
+#include <linux/kernel.h>

#include "ivtv-driver.h"
#include "ivtv-cards.h"
@@ -281,7 +282,7 @@ int ivtv_s_ext_ctrls(struct file *file, void *fh, struct v4l2_ext_controls *c)
idx = p.audio_properties & 0x03;
/* The audio clock of the digitizer must match the codec sample
rate otherwise you get some very strange effects. */
- if (idx < sizeof(freqs))
+ if (idx < ARRAY_SIZE(freqs))
ivtv_call_all(itv, audio, s_clock_freq, freqs[idx]);
return err;
}

_______________________________________________
ivtv-devel mailing list
ivtv-devel@ivtvdriver.org
http://ivtvdriver.org/mailman/listinfo/ivtv-devel
Re: [PATCH] ivtv: Read buffer overflow [ In reply to ]
awalls at radix
Jul 23, 2009, 5:36 PM
Post #2 of 2 (2516 views)
Permalink
On Thu, 2009-07-23 at 23:31 +0200, Roel Kluin wrote:
> This mistakenly tests against sizeof(freqs) instead of the array size. Due to
> the mask the only illegal value possible was 3.
>
> Signed-off-by: Roel Kluin <roel.kluin@gmail.com>

Acked-by: Andy Walls <awalls@radix.net>

The cx18 driver suffers from the exact same defect in cx18-controls.c.

> ---
> diff --git a/drivers/media/video/ivtv/ivtv-controls.c b/drivers/media/video/ivtv/ivtv-controls.c
> index a3b77ed..4a9c8ce 100644
> --- a/drivers/media/video/ivtv/ivtv-controls.c
> +++ b/drivers/media/video/ivtv/ivtv-controls.c
> @@ -17,6 +17,7 @@
> along with this program; if not, write to the Free Software
> Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> */
> +#include <linux/kernel.h>
>
> #include "ivtv-driver.h"
> #include "ivtv-cards.h"
> @@ -281,7 +282,7 @@ int ivtv_s_ext_ctrls(struct file *file, void *fh, struct v4l2_ext_controls *c)
> idx = p.audio_properties & 0x03;
> /* The audio clock of the digitizer must match the codec sample
> rate otherwise you get some very strange effects. */
> - if (idx < sizeof(freqs))
> + if (idx < ARRAY_SIZE(freqs))
> ivtv_call_all(itv, audio, s_clock_freq, freqs[idx]);
> return err;
> }
> --
> To unsubscribe from this list: send the line "unsubscribe linux-media" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>


_______________________________________________
ivtv-devel mailing list
ivtv-devel@ivtvdriver.org
http://ivtvdriver.org/mailman/listinfo/ivtv-devel

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal