[media] r820t: avoid potential memcpy buffer overflow in shadow_store()

The memcpy in shadow_store() could exceed buffer limits when r > 0. Signed-off-by: Gianluca Gennari <gennarone@gmail.com> Signed-off-by: Michael Krufky <mkrufky@linuxtv.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>

[media] r820t: avoid potential memcpy buffer overflow in shadow_store()
The memcpy in shadow_store() could exceed buffer limits when r > 0. Signed-off-by: Gianluca Gennari <gennarone@gmail.com> Signed-off-by: Michael Krufky <mkrufky@linuxtv.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
757d7ace · Gianluca Gennari · Mauro Carvalho Chehab · e2e324d7 · 757d7ace
Commit 757d7ace authored Jun 02, 2013 by Gianluca Gennari Committed by Mauro Carvalho Chehab Jun 19, 2013
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

drivers/media/tuners/r820t.c drivers/media/tuners/r820t.c +2 -2

No files found.
--- a/drivers/media/tuners/r820t.c
+++ b/drivers/media/tuners/r820t.c
@@ -364,8 +364,8 @@ static void shadow_store(struct r820t_priv *priv, u8 reg, const u8 *val,
 	}
 	if (len <= 0)
 		return;
-	if (len > NUM_REGS)
-		len = NUM_REGS;
+	if (len > NUM_REGS - r)
+		len = NUM_REGS - r;

 	tuner_dbg("%s: prev  reg=%02x len=%d: %*ph\n",
 		  __func__, r + REG_SHADOW_START, len, len, val);