projects
/
linux-flexiantxendom0-natty.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
si4713-i2c: avoid potential buffer overflow on si4713, CVE-2011-2700
[linux-flexiantxendom0-natty.git]
/
drivers
/
media
/
radio
/
si4713-i2c.c
diff --git
a/drivers/media/radio/si4713-i2c.c
b/drivers/media/radio/si4713-i2c.c
index
0fab6f8
..
924445a
100644
(file)
--- a/
drivers/media/radio/si4713-i2c.c
+++ b/
drivers/media/radio/si4713-i2c.c
@@
-1033,7
+1033,7
@@
static int si4713_write_econtrol_string(struct si4713_device *sdev,
char ps_name[MAX_RDS_PS_NAME + 1];
len = control->size - 1;
char ps_name[MAX_RDS_PS_NAME + 1];
len = control->size - 1;
- if (len > MAX_RDS_PS_NAME) {
+ if (len < 0 || len > MAX_RDS_PS_NAME) {
rval = -ERANGE;
goto exit;
}
rval = -ERANGE;
goto exit;
}
@@
-1057,7
+1057,7
@@
static int si4713_write_econtrol_string(struct si4713_device *sdev,
char radio_text[MAX_RDS_RADIO_TEXT + 1];
len = control->size - 1;
char radio_text[MAX_RDS_RADIO_TEXT + 1];
len = control->size - 1;
- if (len > MAX_RDS_RADIO_TEXT) {
+ if (len < 0 || len > MAX_RDS_RADIO_TEXT) {
rval = -ERANGE;
goto exit;
}
rval = -ERANGE;
goto exit;
}