Commit 292eaf50 authored by Hans Verkuil's avatar Hans Verkuil Committed by Mauro Carvalho Chehab

[media] cec: fix off-by-one memset

The unused bytes of the features array should be zeroed, but the start index was one
byte too early. This caused the device features byte to be overwritten by 0.

The compliance test for the CEC_S_LOG_ADDRS ioctl didn't catch this because it tested
byte continuation with the second device features byte being 0 :-(
Signed-off-by: default avatarHans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@s-opensource.com>
parent cd70c37b
...@@ -1252,7 +1252,7 @@ int __cec_s_log_addrs(struct cec_adapter *adap, ...@@ -1252,7 +1252,7 @@ int __cec_s_log_addrs(struct cec_adapter *adap,
return -EINVAL; return -EINVAL;
} }
/* Zero unused part of the feature array */ /* Zero unused part of the feature array */
memset(features + i, 0, feature_sz - i); memset(features + i + 1, 0, feature_sz - i - 1);
} }
if (log_addrs->cec_version >= CEC_OP_CEC_VERSION_2_0) { if (log_addrs->cec_version >= CEC_OP_CEC_VERSION_2_0) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment