Commit 757d7ace authored by Gianluca Gennari's avatar Gianluca Gennari Committed by Mauro Carvalho Chehab

[media] r820t: avoid potential memcpy buffer overflow in shadow_store()

The memcpy in shadow_store() could exceed buffer limits when r > 0.
Signed-off-by: default avatarGianluca Gennari <gennarone@gmail.com>
Signed-off-by: default avatarMichael Krufky <mkrufky@linuxtv.org>
Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@redhat.com>
parent e2e324d7
...@@ -364,8 +364,8 @@ static void shadow_store(struct r820t_priv *priv, u8 reg, const u8 *val, ...@@ -364,8 +364,8 @@ static void shadow_store(struct r820t_priv *priv, u8 reg, const u8 *val,
} }
if (len <= 0) if (len <= 0)
return; return;
if (len > NUM_REGS) if (len > NUM_REGS - r)
len = NUM_REGS; len = NUM_REGS - r;
tuner_dbg("%s: prev reg=%02x len=%d: %*ph\n", tuner_dbg("%s: prev reg=%02x len=%d: %*ph\n",
__func__, r + REG_SHADOW_START, len, len, val); __func__, r + REG_SHADOW_START, len, len, val);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment