]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit
projects / thirdparty / kernel / stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8163419) | patch
media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread()
authorIvan Abramov <i.abramov@mt-integration.ru>
Tue, 2 Sep 2025 23:28:14 +0000 (02:28 +0300)
committerHans Verkuil <hverkuil+cisco@kernel.org>
Tue, 14 Oct 2025 13:07:37 +0000 (15:07 +0200)
commitd2bceb2e20e783d57e739c71e4e50b4b9f4a3953
treedee2d7af7b89308020a1d9fe7362beeb0fc3366etree | snapshot
parent8163419e3e05d71dcfa8fb49c8fdf8d76908fe51commit | diff
media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread()

It's possible for max1 to remain -1 if msp_read() always fail. This
variable is further used as index for accessing arrays.

Fix that by checking max1 prior to array accesses.

It seems that restart is the preferable action in case of out-of-bounds
value.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 8a4b275f9c19 ("V4L/DVB (3427): audmode and rxsubchans fixes (VIDIOC_G/S_TUNER)")
Cc: stable@vger.kernel.org
Signed-off-by: Ivan Abramov <i.abramov@mt-integration.ru>
Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
drivers/media/i2c/msp3400-kthreads.c diff | blob | blame | history
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git