The unused bytes of the features array should be zeroed, but the start index was one
byte too early. This caused the device features byte to be overwritten by 0.
The compliance test for the CEC_S_LOG_ADDRS ioctl didn't catch this because it tested
byte continuation with the second device features byte being 0 :-(
Signed-off-by: Hans Verkuil <hans.verkuil@xxxxxxxxx>
---
diff --git a/drivers/staging/media/cec/cec-adap.c b/drivers/staging/media/cec/cec-adap.c
index 9fffddb..b2393bb 100644
--- a/drivers/staging/media/cec/cec-adap.c
+++ b/drivers/staging/media/cec/cec-adap.c
@@ -1252,7 +1252,7 @@ int __cec_s_log_addrs(struct cec_adapter *adap,
return -EINVAL;
}
/* Zero unused part of the feature array */
- memset(features + i, 0, feature_sz - i);
+ memset(features + i + 1, 0, feature_sz - i - 1);
}
if (log_addrs->cec_version >= CEC_OP_CEC_VERSION_2_0) {
--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
