aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/media/common/tuners/qt1010.c
diff options
context:
space:
mode:
authorJan Nikitenko <jan.nikitenko@gmail.com>2009-06-18 07:11:57 -0400
committerMauro Carvalho Chehab <mchehab@redhat.com>2009-08-13 19:39:02 -0400
commit458f9aa391efd34867f8cabac2e2f1af00cbc562 (patch)
tree72b5a9baf0ea344e36ec6db04b507dae3b4233f5 /drivers/media/common/tuners/qt1010.c
parent296544e15a7126373851abd40acc526b79b91432 (diff)
V4L/DVB (12341): zl10353 and qt1010: fix stack corruption bug
Fixes stack corruption bug present in dump_regs function of zl10353 and qt1010 drivers: the buffer buf was one byte smaller than required - there are 4 chars for address prefix, 16 * 3 chars for dump of 16 eeprom bytes per line and 1 byte for zero ending the string required, i.e. 53 bytes, but only 52 were provided. The one byte missing in stack based buffer buf can cause stack corruption possibly leading to kernel oops, as discovered originally with af9015 driver (af9015: fix stack corruption bug). Signed-off-by: Jan Nikitenko <jan.nikitenko@gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Diffstat (limited to 'drivers/media/common/tuners/qt1010.c')
-rw-r--r--drivers/media/common/tuners/qt1010.c12
1 files changed, 5 insertions, 7 deletions
diff --git a/drivers/media/common/tuners/qt1010.c b/drivers/media/common/tuners/qt1010.c
index 825aa1412e6f..9f5dba244cb8 100644
--- a/drivers/media/common/tuners/qt1010.c
+++ b/drivers/media/common/tuners/qt1010.c
@@ -64,24 +64,22 @@ static int qt1010_writereg(struct qt1010_priv *priv, u8 reg, u8 val)
64/* dump all registers */ 64/* dump all registers */
65static void qt1010_dump_regs(struct qt1010_priv *priv) 65static void qt1010_dump_regs(struct qt1010_priv *priv)
66{ 66{
67 char buf[52], buf2[4];
68 u8 reg, val; 67 u8 reg, val;
69 68
70 for (reg = 0; ; reg++) { 69 for (reg = 0; ; reg++) {
71 if (reg % 16 == 0) { 70 if (reg % 16 == 0) {
72 if (reg) 71 if (reg)
73 printk("%s\n", buf); 72 printk(KERN_CONT "\n");
74 sprintf(buf, "%02x: ", reg); 73 printk(KERN_DEBUG "%02x:", reg);
75 } 74 }
76 if (qt1010_readreg(priv, reg, &val) == 0) 75 if (qt1010_readreg(priv, reg, &val) == 0)
77 sprintf(buf2, "%02x ", val); 76 printk(KERN_CONT " %02x", val);
78 else 77 else
79 strcpy(buf2, "-- "); 78 printk(KERN_CONT " --");
80 strcat(buf, buf2);
81 if (reg == 0x2f) 79 if (reg == 0x2f)
82 break; 80 break;
83 } 81 }
84 printk("%s\n", buf); 82 printk(KERN_CONT "\n");
85} 83}
86 84
87static int qt1010_set_params(struct dvb_frontend *fe, 85static int qt1010_set_params(struct dvb_frontend *fe,