]> git.proxmox.com Git - mirror_ubuntu-focal-kernel.git/commitdiff
si4713-i2c: avoid potential buffer overflow on si4713
authorMauro Carvalho Chehab <mchehab@redhat.com>
Sun, 17 Jul 2011 03:24:37 +0000 (00:24 -0300)
committerLinus Torvalds <torvalds@linux-foundation.org>
Mon, 18 Jul 2011 16:12:21 +0000 (09:12 -0700)
While compiling it with Fedora 15, I noticed this issue:

  inlined from ‘si4713_write_econtrol_string’ at drivers/media/radio/si4713-i2c.c:1065:24:
  arch/x86/include/asm/uaccess_32.h:211:26: error: call to ‘copy_from_user_overflow’ declared with attribute error: copy_from_user() buffer size is not provably correct

Cc: stable@kernel.org
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Acked-by: Sakari Ailus <sakari.ailus@maxwell.research.nokia.com>
Acked-by: Eduardo Valentin <edubezval@gmail.com>
Reviewed-by: Eugene Teo <eugeneteo@kernel.sg>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
drivers/media/radio/si4713-i2c.c

index deca2e06ff2203bba0caae2e5737499fd0f9cdc2..c9f4a8e65dc45daccc97c70bdaa99c8510fddae1 100644 (file)
@@ -1033,7 +1033,7 @@ static int si4713_write_econtrol_string(struct si4713_device *sdev,
                char ps_name[MAX_RDS_PS_NAME + 1];
 
                len = control->size - 1;
-               if (len > MAX_RDS_PS_NAME) {
+               if (len < 0 || len > MAX_RDS_PS_NAME) {
                        rval = -ERANGE;
                        goto exit;
                }
@@ -1057,7 +1057,7 @@ static int si4713_write_econtrol_string(struct si4713_device *sdev,
                char radio_text[MAX_RDS_RADIO_TEXT + 1];
 
                len = control->size - 1;
-               if (len > MAX_RDS_RADIO_TEXT) {
+               if (len < 0 || len > MAX_RDS_RADIO_TEXT) {
                        rval = -ERANGE;
                        goto exit;
                }