[media] r820t: avoid potential memcpy buffer overflow in shadow_store()

The memcpy in shadow_store() could exceed buffer limits when r > 0. Signed-off-by: N Gianluca Gennari <gennarone@gmail.com> Signed-off-by: N Michael Krufky <mkrufky@linuxtv.org> Signed-off-by: N Mauro Carvalho Chehab <mchehab@redhat.com>

[media] r820t: avoid potential memcpy buffer overflow in shadow_store()
The memcpy in shadow_store() could exceed buffer limits when r > 0. Signed-off-by: N Gianluca Gennari <gennarone@gmail.com> Signed-off-by: N Michael Krufky <mkrufky@linuxtv.org> Signed-off-by: N Mauro Carvalho Chehab <mchehab@redhat.com>
757d7ace · Gianluca Gennari · Mauro Carvalho Chehab · e2e324d7 · 757d7ace
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

drivers/media/tuners/r820t.c drivers/media/tuners/r820t.c +2 -2

未找到文件。
--- a/drivers/media/tuners/r820t.c
+++ b/drivers/media/tuners/r820t.c
@@ -364,8 +364,8 @@ static void shadow_store(struct r820t_priv *priv, u8 reg, const u8 *val,
 	}
 	if (len <= 0)
 		return;
-	if (len > NUM_REGS)
-		len = NUM_REGS;
+	if (len > NUM_REGS - r)
+		len = NUM_REGS - r;

 	tuner_dbg("%s: prev  reg=%02x len=%d: %*ph\n",
 		  __func__, r + REG_SHADOW_START, len, len, val);