Commit 0c607719 authored by Jens Axboe's avatar Jens Axboe Committed by Linus Torvalds

[PATCH] fix cdrom length check

There's a bad length check in cdrom_get_random_writable(), it's off-by-4
since fh->data_len is the length of data _after_ that field (which is
offset 4 bytes in the header).  Check is pretty bogus anyways, so just kill
it.
Signed-Off-By: default avatarJens Axboe <axboe@suse.de>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 15571bd4
...@@ -651,7 +651,6 @@ int cdrom_get_random_writable(struct cdrom_device_info *cdi, ...@@ -651,7 +651,6 @@ int cdrom_get_random_writable(struct cdrom_device_info *cdi,
{ {
struct packet_command cgc; struct packet_command cgc;
char buffer[24]; char buffer[24];
struct feature_header *fh;
int ret; int ret;
init_cdrom_command(&cgc, buffer, sizeof(buffer), CGC_DATA_READ); init_cdrom_command(&cgc, buffer, sizeof(buffer), CGC_DATA_READ);
...@@ -664,14 +663,7 @@ int cdrom_get_random_writable(struct cdrom_device_info *cdi, ...@@ -664,14 +663,7 @@ int cdrom_get_random_writable(struct cdrom_device_info *cdi,
if ((ret = cdi->ops->generic_packet(cdi, &cgc))) if ((ret = cdi->ops->generic_packet(cdi, &cgc)))
return ret; return ret;
fh = (struct feature_header *)&buffer[0]; memcpy(rfd, &buffer[sizeof(struct feature_header)], sizeof (*rfd));
if (be32_to_cpu(fh->data_len) >= (sizeof(struct feature_header)+
sizeof(struct rwrt_feature_desc)))
memcpy(rfd, &buffer[sizeof(struct feature_header)],
sizeof (*rfd));
else
memset(rfd, 0, sizeof(*rfd));
return 0; return 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment