forked from luck/tmp_suning_uos_patched
9369cc96af
Smatch complains that the wrong limiter is used here: drivers/media/dvb/ttpci/av7110.c +906 dvb_feed_start_pid(12) error: buffer overflow 'npids' 5 <= 19 Here is the problem code: 905 i = dvbdmxfeed->pes_type; 906 npids[i] = (pid[i]&0x8000) ? 0 : pid[i]; "npids" is a 5 element array declared on the stack. If dvbdmxfeed->pes_type is more than 4 we probably put a (u16)0 past the end of the array. If dvbdmxfeed->pes_type is over 4 the rest of the function doesn't do anything. dvbdmxfeed->pes_type is capped at less than DMX_TS_PES_OTHER (20) in the caller function, but I changed it to less than or equal to DMX_TS_PES_PCR (4). Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Oliver Endriss <o.endriss@gmx.de> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com> |
||
---|---|---|
.. | ||
b2c2 | ||
bt8xx | ||
ddbridge | ||
dm1105 | ||
dvb-core | ||
dvb-usb | ||
firewire | ||
frontends | ||
mantis | ||
ngene | ||
pluto2 | ||
pt1 | ||
siano | ||
ttpci | ||
ttusb-budget | ||
ttusb-dec | ||
Kconfig | ||
Makefile |