korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-24 20:54:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
10ded23127
linux/drivers/media/tuners
History
Kees Cook d5872e93fa media: mxl5005s: Bounds check size used for max array index 
The use of state->CH_Ctrl[i].size in a shift operation implies that its
value can be as much as 32, but the state->CH_Ctrl[i].val array is only
25 in size. Bounds check the size before shifting and looping. Fixes
warnings seen with GCC 13:

../drivers/media/tuners/mxl5005s.c: In function 'MXL_ControlWrite_Group.isra':
../drivers/media/tuners/mxl5005s.c:3450:70: warning: array subscript 32 is above array bounds of 'u16[25]' {aka 'short unsigned int[25]'} [-Warray-bounds=]
 3450 | state->CH_Ctrl[i].val[j] = (u8)((value >> j) & 0x01);
      |  ~~~~~~~~~~~~~~~~~~~~~^~~
../drivers/media/tuners/mxl5005s.c:238:13: note: while referencing 'val'
  238 |         u16 val[25];    /* Binary representation of Value */
      |             ^~~

Cc: Colin Ian King <colin.i.king@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
2023-03-19 22:50:49 +01:00
..
e4000_priv.h
e4000.c media: tuners/e4000: Convert to i2c's .probe_new() 2022-11-21 11:04:43 +01:00
e4000.h
fc001x-common.h
fc0011.c media: Use fallthrough pseudo-keyword 2020-08-29 08:35:27 +02:00
fc0011.h
fc0012-priv.h
fc0012.c
fc0012.h
fc0013-priv.h
fc0013.c
fc0013.h
fc2580_priv.h
fc2580.c media: tuners/fc2580: Convert to i2c's .probe_new() 2022-11-21 11:04:43 +01:00
fc2580.h
it913x.c media: tuners/it913x.c: fix missing error code 2021-01-27 08:33:01 +01:00
it913x.h media: media tuner headers: fix kernel-doc warnings 2021-03-22 10:24:27 +01:00
Kconfig media: media/*/Kconfig: sort entries 2022-03-18 05:58:35 +01:00
m88rs6000t.c media: tuners/m88rs6000t: Convert to i2c's .probe_new() 2022-11-21 11:04:43 +01:00
m88rs6000t.h
Makefile media: Makefiles: sort entries where it fits 2022-03-14 09:42:59 +01:00
max2165_priv.h
max2165.c
max2165.h
mc44s803_priv.h
mc44s803.c
mc44s803.h
msi001.c spi: make remove callback a void function 2022-02-09 13:00:45 +00:00
mt20xx.c
mt20xx.h
mt2060_priv.h
mt2060.c media: tuners/mt2060: Convert to i2c's .probe_new() 2022-11-21 11:04:44 +01:00
mt2060.h
mt2063.c media: fix incorrect kernel doc usages 2021-03-11 11:59:44 +01:00
mt2063.h
mt2131_priv.h
mt2131.c
mt2131.h
mt2266.c
mt2266.h
mxl301rf.c media: tuners/mxl301rf: Convert to i2c's .probe_new() 2022-11-21 11:04:44 +01:00
mxl301rf.h
mxl5005s.c media: mxl5005s: Bounds check size used for max array index 2023-03-19 22:50:49 +01:00
mxl5005s.h
mxl5007t.c media: tuners: mxl5007t: Removed unnecessary 'return' 2021-09-30 10:07:40 +02:00
mxl5007t.h
qm1d1b0004.c media: tuners/qm1d1b0004: Convert to i2c's .probe_new() 2022-11-21 11:04:44 +01:00
qm1d1b0004.h
qm1d1c0042.c media: tuners/qm1d1c0042: Convert to i2c's .probe_new() 2022-11-21 11:04:44 +01:00
qm1d1c0042.h
qt1010_priv.h
qt1010.c media: qt1010: fix usage of unititialized value 2020-09-03 11:07:57 +02:00
qt1010.h media: media tuner headers: fix kernel-doc warnings 2021-03-22 10:24:27 +01:00
r820t.c media: Print chip type explicitly when loading the Rafael Micro r820t module 2021-12-07 11:29:57 +01:00
r820t.h
si2157_priv.h media: si2157: add ATV support for si2158 2021-12-14 16:19:05 +01:00
si2157.c media: tuners/si2157: Convert to i2c's .probe_new() 2023-01-22 08:33:25 +01:00
si2157.h media: si2157: Add option for not downloading firmware. 2019-10-10 07:07:14 -03:00
tda827x.c
tda827x.h media: media tuner headers: fix kernel-doc warnings 2021-03-22 10:24:27 +01:00
tda8290.c
tda8290.h
tda9887.c
tda9887.h
tda18212.c media: tuners/tda18212: Convert to i2c's .probe_new() 2022-11-21 11:04:45 +01:00
tda18212.h
tda18218_priv.h
tda18218.c
tda18218.h
tda18250_priv.h
tda18250.c media: tuners/tda18250: Convert to i2c's .probe_new() 2022-11-21 11:04:45 +01:00
tda18250.h
tda18271-common.c
tda18271-fe.c media: Use fallthrough pseudo-keyword 2020-08-29 08:35:27 +02:00
tda18271-maps.c
tda18271-priv.h
tda18271.h
tea5761.c
tea5761.h
tea5767.c
tea5767.h
tua9001_priv.h
tua9001.c media: tuners/tua9001: Convert to i2c's .probe_new() 2022-11-21 11:04:45 +01:00
tua9001.h
tuner-i2c.h media: tuners: fix error return code of hybrid_tuner_request_state() 2021-03-22 10:21:03 +01:00
tuner-simple.c media: tuner-simple: fix regression in simple_set_radio_freq 2020-08-26 18:51:50 +02:00
tuner-simple.h
tuner-types.c media: xc2028: rename the driver from tuner-xc2028 2022-03-12 16:59:50 +01:00
xc2028-types.h media: xc2028: rename the driver from tuner-xc2028 2022-03-12 16:59:50 +01:00
xc2028.c media: xc2028: rename the driver from tuner-xc2028 2022-03-12 16:59:50 +01:00
xc2028.h media: xc2028: rename the driver from tuner-xc2028 2022-03-12 16:59:50 +01:00
xc4000.c media: tuners: Remove the unneeded result variable 2022-09-24 08:54:10 +02:00
xc4000.h
xc5000.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
xc5000.h