• Stefan Richter's avatar
    firewire: ohci: fix Self ID Count register mask (safeguard against buffer overflow) · 928ec5f1
    Stefan Richter authored
    The selfIDSize field of Self ID Count is 9 bits wide, and we are only
    interested in the high 8 bits.  Fix the mask accordingly.  The
    previously too large mask didn't do damage though because the next few
    bits in the register are reserved and therefore zero with presently
    existing hardware.
    
    Also, check for the maximum possible self ID count of 252 (according to
    OHCI 1.1 clause 11.2 and IEEE 1394a-2000 clause 4.3.4.1, i.e. up to four
    self IDs of up to 63 nodes, even though IEEE 1394 up to edition 2008
    defines only up to three self IDs per node).  More than 252 self IDs
    would only happen if the self ID receive DMA unit malfunctioned, which
    would likely be caught by other self ID buffer checks.  However, check
    it early to be sure.  More than 253 quadlets would overflow the Topology
    Map CSR.
    
    Reported-By: PaX Team
    Signed-off-by: default avatarStefan Richter <stefanr@s5r6.in-berlin.de>
    928ec5f1
ohci.c 73.1 KB