| Message ID | 000f01d1b8c3$54af4080$fe0dc180$@astim.si (mailing list archive) |
|---|---|
| State | Accepted, archived |
| Headers |
Received: from mail.tu-berlin.de ([130.149.7.33]) by www.linuxtv.org with esmtp (Exim 4.84_2) (envelope-from <linux-media-owner@vger.kernel.org>) id 1b6aqE-0007dt-LZ; Sat, 28 May 2016 09:47:34 +0000 X-tubIT-Incoming-IP: 209.132.180.67 Received: from vger.kernel.org ([209.132.180.67]) by mail.tu-berlin.de (exim-4.84_2/mailfrontend-5) with esmtp id 1b6aqC-00059M-8s; Sat, 28 May 2016 11:47:34 +0200 Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751447AbcE1JqG (ORCPT <rfc822;mkrufky@linuxtv.org> + 1 other); Sat, 28 May 2016 05:46:06 -0400 Received: from mail.astim.si ([93.103.6.239]:37079 "EHLO mail.astim.si" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751231AbcE1JqF (ORCPT <rfc822;linux-media@vger.kernel.org>); Sat, 28 May 2016 05:46:05 -0400 X-Greylist: delayed 1030 seconds by postgrey-1.27 at vger.kernel.org; Sat, 28 May 2016 05:46:05 EDT Received: from PCSaso ([192.168.10.2]) by mail.astim.si (8.14.4/8.14.4) with ESMTP id u4S9SoLj022848 for <linux-media@vger.kernel.org>; Sat, 28 May 2016 11:28:52 +0200 From: "Saso Slavicic" <saso.linux@astim.si> To: <linux-media@vger.kernel.org> Subject: ascot2e.c off by one bug Date: Sat, 28 May 2016 11:28:43 +0200 Message-ID: <000f01d1b8c3$54af4080$fe0dc180$@astim.si> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook 14.0 Thread-Index: AdG4wkoxqgiXZScrRimsk9++20LRrA== Content-Language: sl X-Scanned-By: MIMEDefang 2.73 on 84.255.203.46 Sender: linux-media-owner@vger.kernel.org Precedence: bulk List-ID: <linux-media.vger.kernel.org> X-Mailing-List: linux-media@vger.kernel.org X-PMX-Version: 6.0.0.2142326, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2016.5.28.93915 X-PMX-Spam: Gauge=IIIIIIII, Probability=8%, Report=' HTML_00_01 0.05, HTML_00_10 0.05, MSGID_ADDED_BY_MTA 0.05, BODYTEXTP_SIZE_3000_LESS 0, BODY_SIZE_1500_1599 0, BODY_SIZE_2000_LESS 0, BODY_SIZE_5000_LESS 0, BODY_SIZE_7000_LESS 0, ECARD_WORD 0, FORGED_MUA_OUTLOOK 0, NO_URI_HTTPS 0, SINGLE_URI_IN_BODY 0, URI_ENDS_IN_HTML 0, __ANY_URI 0, __CP_URI_IN_BODY 0, __CT 0, __CTE 0, __CT_TEXT_PLAIN 0, __HAS_FROM 0, __HAS_MSGID 0, __HAS_X_MAILER 0, __HAS_X_MAILING_LIST 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __OUTLOOK_MUA 0, __OUTLOOK_MUA_1 0, __SANE_MSGID 0, __SINGLE_URI_TEXT 0, __STOCK_PHRASE_7 0, __SUBJ_ALPHA_END 0, __TO_MALFORMED_2 0, __TO_NO_NAME 0, __URI_IN_BODY 0, __URI_NO_WWW 0, __URI_NS , __URI_WITH_PATH 0, __USER_AGENT_MS_GENERIC 0' |
Commit Message
Saso Slavicic
May 28, 2016, 9:28 a.m. UTC
Hi, Tuning a card with Sony ASCOT2E produces the following error: kernel: i2c i2c-9: wr reg=0006: len=11 is too big! MAX_WRITE_REGSIZE is defined as 10, buf[MAX_WRITE_REGSIZE + 1] buffer is used in ascot2e_write_regs(). The problem is that exactly 10 bytes are written in ascot2e_set_params(): /* Set BW_OFFSET (0x0F) value from parameter table */ data[9] = ascot2e_sett[tv_system].bw_offset; ascot2e_write_regs(priv, 0x06, data, 10); The test in write_regs is as follows: if (len + 1 >= sizeof(buf)) 10 + 1 = 11 and that would be exactly the size of buf. Since 10 bytes + buf[0] = reg would seem to fit into buf[], this shouldn't be an error. The following patch fixes the problem for me, I have tested the card and it seems to be working fine. --- drivers/media/dvb-frontends/ascot2e.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) return -E2BIG; Regards, Saso Slavicic -- To unsubscribe from this list: send the line "unsubscribe linux-media" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Comments
Convert it to regmap at the same (just a hint...) On 05/28/2016 12:28 PM, Saso Slavicic wrote: > Hi, > > Tuning a card with Sony ASCOT2E produces the following error: > > kernel: i2c i2c-9: wr reg=0006: len=11 is too big! > > MAX_WRITE_REGSIZE is defined as 10, buf[MAX_WRITE_REGSIZE + 1] buffer is > used in ascot2e_write_regs(). > > The problem is that exactly 10 bytes are written in ascot2e_set_params(): > > /* Set BW_OFFSET (0x0F) value from parameter table */ > data[9] = ascot2e_sett[tv_system].bw_offset; > ascot2e_write_regs(priv, 0x06, data, 10); > > The test in write_regs is as follows: > > if (len + 1 >= sizeof(buf)) > > 10 + 1 = 11 and that would be exactly the size of buf. Since 10 bytes + > buf[0] = reg would seem to fit into buf[], this shouldn't be an error. > > The following patch fixes the problem for me, I have tested the card and it > seems to be working fine. > > --- > drivers/media/dvb-frontends/ascot2e.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/drivers/media/dvb-frontends/ascot2e.c > b/drivers/media/dvb-frontends/ascot2e.c > --- a/drivers/media/dvb-frontends/ascot2e.c > +++ b/drivers/media/dvb-frontends/ascot2e.c > @@ -132,7 +132,7 @@ static int ascot2e_write_regs(struct ascot2e_priv *priv, > } > }; > > - if (len + 1 >= sizeof(buf)) { > + if (len + 1 > sizeof(buf)) { > dev_warn(&priv->i2c->dev,"wr reg=%04x: len=%d is too > big!\n", > reg, len + 1); > return -E2BIG; > > Regards, > Saso Slavicic > > > -- > To unsubscribe from this list: send the line "unsubscribe linux-media" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html >
diff --git a/drivers/media/dvb-frontends/ascot2e.c b/drivers/media/dvb-frontends/ascot2e.c --- a/drivers/media/dvb-frontends/ascot2e.c +++ b/drivers/media/dvb-frontends/ascot2e.c @@ -132,7 +132,7 @@ static int ascot2e_write_regs(struct ascot2e_priv *priv, } }; - if (len + 1 >= sizeof(buf)) { + if (len + 1 > sizeof(buf)) { dev_warn(&priv->i2c->dev,"wr reg=%04x: len=%d is too big!\n", reg, len + 1);