[PATCH] fix cdrom length check

There's a bad length check in cdrom_get_random_writable(), it's off-by-4 since fh->data_len is the length of data _after_ that field (which is offset 4 bytes in the header). Check is pretty bogus anyways, so just kill it. Signed-Off-By: Jens Axboe <axboe@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] fix cdrom length check
There's a bad length check in cdrom_get_random_writable(), it's off-by-4 since fh->data_len is the length of data _after_ that field (which is offset 4 bytes in the header). Check is pretty bogus anyways, so just kill it. Signed-Off-By: Jens Axboe <axboe@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
0c607719 · Jens Axboe · Linus Torvalds · 15571bd4 · 0c607719
Commit 0c607719 authored Jun 04, 2004 by Jens Axboe Committed by Linus Torvalds Jun 04, 2004
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 9 deletions

drivers/cdrom/cdrom.c drivers/cdrom/cdrom.c +1 -9

No files found.
--- a/drivers/cdrom/cdrom.c
+++ b/drivers/cdrom/cdrom.c
@@ -651,7 +651,6 @@ int cdrom_get_random_writable(struct cdrom_device_info *cdi,
 {
 	struct packet_command cgc;
 	char buffer[24];
-	struct feature_header *fh;
 	int ret;

 	init_cdrom_command(&cgc, buffer, sizeof(buffer), CGC_DATA_READ);
@@ -664,14 +663,7 @@ int cdrom_get_random_writable(struct cdrom_device_info *cdi,
 	if ((ret = cdi->ops->generic_packet(cdi, &cgc)))
 		return ret;

-	fh = (struct feature_header *)&buffer[0];
-	if (be32_to_cpu(fh->data_len) >= (sizeof(struct feature_header)+
-					  sizeof(struct rwrt_feature_desc)))
-		memcpy(rfd, &buffer[sizeof(struct feature_header)],
-		       sizeof (*rfd));
-	else
-		memset(rfd, 0, sizeof(*rfd));
-
+	memcpy(rfd, &buffer[sizeof(struct feature_header)], sizeof (*rfd));
 	return 0;
 }