Hello Jarod Wilson,
The patch 2154be651b90: "[media] redrat3: new rc-core IR transceiver
device driver" from May 4, 2011, leads to the following warning:
drivers/media/rc/redrat3.c:948 redrat3_transmit_ir()
error: buffer overflow 'sample_lens' 128 <= 254
drivers/media/rc/redrat3.c
929 sample_lens = kzalloc(sizeof(int) * RR3_DRIVER_MAXLENS, GFP_KERNEL);
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
sample_lens has space for 128 ints.
930 if (!sample_lens) {
931 ret = -ENOMEM;
932 goto out;
933 }
934
935 for (i = 0; i < count; i++) {
936 for (lencheck = 0; lencheck < curlencheck; lencheck++) {
937 cur_sample_len = redrat3_us_to_len(txbuf[i]);
938 if (sample_lens[lencheck] == cur_sample_len)
939 break;
940 }
941 if (lencheck == curlencheck) {
942 cur_sample_len = redrat3_us_to_len(txbuf[i]);
943 rr3_dbg(dev, "txbuf[%d]=%u, pos %d, enc %u\n",
944 i, txbuf[i], curlencheck, cur_sample_len);
945 if (curlencheck < 255) {
^^^^^^^^^^^^^^^^^
curlencheck goes up to 254.
946 /* now convert the value to a proper
947 * rr3 value.. */
948 sample_lens[curlencheck] = cur_sample_len;
^^^^^^^^^^^^^^^^^^^^^^^^
overflow.
949 curlencheck++;
950 } else {
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
