Hi Ethan,
On Sun, Jan 05, 2014 at 09:17:39AM +0800, Ethan Zhao wrote:
> cx18_i2c_register() is called in cx18_init_subdevs() with index
> greater than length of hw_bus array, that will cause array overrun,
> introduce a helper cx18_get_max_bus_num() to void it.
s/void/avoid/
>
> Signed-off-by: Ethan Zhao <ethan.ker...@gmail.com>
> ---
> drivers/media/pci/cx18/cx18-driver.c | 2 +-
> drivers/media/pci/cx18/cx18-i2c.c | 5 +++++
> drivers/media/pci/cx18/cx18-i2c.h | 1 +
> 3 files changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/media/pci/cx18/cx18-driver.c
> b/drivers/media/pci/cx18/cx18-driver.c
> index 6386ced..dadcd4a 100644
> --- a/drivers/media/pci/cx18/cx18-driver.c
> +++ b/drivers/media/pci/cx18/cx18-driver.c
> @@ -856,7 +856,7 @@ static void cx18_init_subdevs(struct cx18 *cx)
> u32 device;
> int i;
>
> - for (i = 0, device = 1; i < 32; i++, device <<= 1) {
> + for (i = 0, device = 1; i < cx18_get_max_bus_num(); i++, device <<= 1) {
>
> if (!(device & hw))
> continue;
> diff --git a/drivers/media/pci/cx18/cx18-i2c.c
> b/drivers/media/pci/cx18/cx18-i2c.c
> index 4af8cd6..e0e8193 100644
> --- a/drivers/media/pci/cx18/cx18-i2c.c
> +++ b/drivers/media/pci/cx18/cx18-i2c.c
> @@ -108,6 +108,11 @@ static int cx18_i2c_new_ir(struct cx18 *cx, struct
> i2c_adapter *adap, u32 hw,
> -1 : 0;
> }
>
> +int cx18_get_max_bus_num()
This should be "int cx18_get_max_bus_num(void)" since we are using C and
not C++.
> +{
> + return sizeof(hw_bus);
I'd rather see
return ARRAY_SIZE(hw_bus);
Thanks.
--
Dmitry
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
