| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 May 2017 20:55:25 +0100
From: Malcolm Priestley <tvboxspy@...il.com>
To: "Gustavo A. R. Silva" <garsilva@...eddedor.com>,
Mauro Carvalho Chehab <mchehab@...nel.org>
Cc: linux-media@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [media-dvb-usb-v2] question about value overwrite
Hi
On 18/05/17 20:09, Gustavo A. R. Silva wrote:
>
> Hello everybody,
>
> While looking into Coverity ID 1226934 I ran into the following piece of
> code at drivers/media/usb/dvb-usb-v2/lmedm04.c:205
>
> 205static int lme2510_stream_restart(struct dvb_usb_device *d)
> 206{
> 207 struct lme2510_state *st = d->priv;
> 208 u8 all_pids[] = LME_ALL_PIDS;
> 209 u8 stream_on[] = LME_ST_ON_W;
> 210 int ret;
> 211 u8 rbuff[1];
> 212 if (st->pid_off)
> 213 ret = lme2510_usb_talk(d, all_pids, sizeof(all_pids),
> 214 rbuff, sizeof(rbuff));
> 215 /*Restart Stream Command*/
> 216 ret = lme2510_usb_talk(d, stream_on, sizeof(stream_on),
> 217 rbuff, sizeof(rbuff));
> 218 return ret;
> 219}
It is a mistake it should have been ORed ad in |= as lme2510_usb_talk
only returns three states.
So if an error is in the running it will be returned to user.
The first of your patches is better and more or less the same, the
second would break driver, restart is not an else condition.
Regards
Malcolm
Powered by blists - more mailing lists