linux-media.vger.kernel.org archive mirror
* [media] cx25821: Is there a potential buffer-underflow in cx25821-core.c?
@ 2021-08-12  4:21 Tuo Li
  0 siblings, 0 replies; only message in thread
From: Tuo Li @ 2021-08-12  4:21 UTC (permalink / raw)
  To: mchehab, hverkuil-cisco, christophe.jaillet, tglx
  Cc: linux-media, Linux Kernel, baijiaju1990

Hello,

Our static analysis tool reports a possible buffer-underflow in 
cx25821-core.c in Linux 5.14.0-rc3:

The variable channel_select is checked in:
761:    if (channel_select <= 7 && channel_select >= 0)

This indicates that channel_select can be negative.
If so, a buffer-underflow will occur:
765:    dev->channels[channel_select].pixel_formats = format;

However, we checked this report manually, and found that the only call 
site is in cx25821-video.c:
394:    cx25821_set_pixel_format(dev, SRAM_CH00, pix_format);

And SRAM_CH00 is not negative.

I am not sure whether this negative-check is redundant or there is a 
potential buffer-underflow.
Any feedback would be appreciated, thanks!

Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>

Best wishes,
Tuo Li
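
The question raised in the message above, modelled as an added example (not code from cx25821-core.c and not part of the original post): a range check that covers only part of a function body, next to a form that validates the index once before any array access. The struct layout, the function names and the assumption that the second write sits outside the range check are hypothetical; the page shows only lines 761 and 765.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_CHANNELS 8  /* assumption: valid indices are 0..7, per the "<= 7" check */

struct channel { uint32_t hw_reg; uint32_t pixel_formats; };
struct dev { struct channel channels[MAX_CHANNELS]; };

/* Shape a static analyser flags (assumed): the check proves the index may be
 * out of range, yet a later write uses it without being covered by the check. */
static void set_format_partial(struct dev *d, int ch, uint32_t fmt)
{
	if (ch <= 7 && ch >= 0)
		d->channels[ch].hw_reg = fmt;
	d->channels[ch].pixel_formats = fmt;  /* out of bounds if ch < 0 or ch > 7 */
}

/* Hardened form: reject a bad index up front so every access below is in
 * range, whatever a future call site passes. */
static int set_format_checked(struct dev *d, int ch, uint32_t fmt)
{
	if (ch < 0 || ch >= MAX_CHANNELS)
		return -EINVAL;
	d->channels[ch].hw_reg = fmt;
	d->channels[ch].pixel_formats = fmt;
	return 0;
}

int main(void)
{
	struct dev d = {0};

	/* Constructed inputs: only in-range values go to the partial version. */
	set_format_partial(&d, 0, 0x1);
	printf("checked(-1) = %d\n", set_format_checked(&d, -1, 0x2));
	printf("checked(8)  = %d\n", set_format_checked(&d, 8, 0x2));
	printf("checked(0)  = %d\n", set_format_checked(&d, 0, 0x2));
	return 0;
}
```

With a single call site that passes a non-negative constant, both forms behave the same; they differ only if a later caller passes an out-of-range value.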
