* re: [media] cec: add HDMI CEC framework (adapter)
@ 2016-06-29 20:49 Dan Carpenter
From: Dan Carpenter @ 2016-06-29 20:49 UTC
  To: hans.verkuil; +Cc: linux-media

Hello Hans Verkuil,

The patch 9881fe0ca187: "[media] cec: add HDMI CEC framework
(adapter)" from Jun 25, 2016, leads to the following static checker
warning:

	drivers/staging/media/cec/cec-adap.c:1445 cec_receive_notify()
	error: buffer overflow 'adap->phys_addrs' 15 <= 15

drivers/staging/media/cec/cec-adap.c
  1373  static int cec_receive_notify(struct cec_adapter *adap, struct cec_msg *msg,
  1374                                bool is_reply)
  1375  {
  1376          bool is_broadcast = cec_msg_is_broadcast(msg);
  1377          u8 dest_laddr = cec_msg_destination(msg);
  1378          u8 init_laddr = cec_msg_initiator(msg);
  1379          u8 devtype = cec_log_addr2dev(adap, dest_laddr);
  1380          int la_idx = cec_log_addr2idx(adap, dest_laddr);
  1381          bool is_directed = la_idx >= 0;
  1382          bool from_unregistered = init_laddr == 0xf;

It's complaining about this.

  1383          struct cec_msg tx_cec_msg = { };
  1384  
  1385          dprintk(1, "cec_receive_notify: %*ph\n", msg->len, msg->msg);
  1386  
  1387          if (adap->ops->received) {
  1388                  /* Allow drivers to process the message first */
  1389                  if (adap->ops->received(adap, msg) != -ENOMSG)
  1390                          return 0;
  1391          }
  1392  
  1393          /*
  1394           * REPORT_PHYSICAL_ADDR, CEC_MSG_USER_CONTROL_PRESSED and
  1395           * CEC_MSG_USER_CONTROL_RELEASED messages always have to be
  1396           * handled by the CEC core, even if the passthrough mode is on.
  1397           * The others are just ignored if passthrough mode is on.
  1398           */
  1399          switch (msg->msg[1]) {
  1400          case CEC_MSG_GET_CEC_VERSION:
  1401          case CEC_MSG_GIVE_DEVICE_VENDOR_ID:
  1402          case CEC_MSG_ABORT:
  1403          case CEC_MSG_GIVE_DEVICE_POWER_STATUS:
  1404          case CEC_MSG_GIVE_PHYSICAL_ADDR:
  1405          case CEC_MSG_GIVE_OSD_NAME:
  1406          case CEC_MSG_GIVE_FEATURES:
  1407                  /*
  1408                   * Skip processing these messages if the passthrough mode
  1409                   * is on.
  1410                   */
  1411                  if (adap->passthrough)
  1412                          goto skip_processing;
  1413                  /* Ignore if addressing is wrong */
  1414                  if (is_broadcast || from_unregistered)
  1415                          return 0;
  1416                  break;
  1417  
  1418          case CEC_MSG_USER_CONTROL_PRESSED:
  1419          case CEC_MSG_USER_CONTROL_RELEASED:
  1420                  /* Wrong addressing mode: don't process */
  1421                  if (is_broadcast || from_unregistered)
  1422                          goto skip_processing;
  1423                  break;
  1424  
  1425          case CEC_MSG_REPORT_PHYSICAL_ADDR:
  1426                  /*
  1427                   * This message is always processed, regardless of the
  1428                   * passthrough setting.
  1429                   *
  1430                   * Exception: don't process if wrong addressing mode.
  1431                   */
  1432                  if (!is_broadcast)

Should this be:
			if (!is_broadcast || from_unregistered) ?

Maybe that's not possible.

  1433                          goto skip_processing;
  1434                  break;
  1435  
  1436          default:
  1437                  break;
  1438          }
  1439  
  1440          cec_msg_set_reply_to(&tx_cec_msg, msg);
  1441  
  1442          switch (msg->msg[1]) {
  1443          /* The following messages are processed but still passed through */
  1444          case CEC_MSG_REPORT_PHYSICAL_ADDR:
  1445                  adap->phys_addrs[init_laddr] =
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Here is where the warning gets generated.  We would be writing over a
struct hole so it's not the end of the world I suppose.

  1446                          (msg->msg[2] << 8) | msg->msg[3];
  1447                  dprintk(1, "Reported physical address %04x for logical address %d\n",
  1448                          adap->phys_addrs[init_laddr], init_laddr);
  1449                  break;
  1450  
  1451          case CEC_MSG_USER_CONTROL_PRESSED:

regards,
dan carpenter
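
The off-by-one reported above, reduced to a stand-alone model with an index check before the store. This is an added example, not part of the original message and not kernel code; the `model_*` names, the struct layout and the sample frames are constructed for illustration, and the bounds check is one possible guard rather than the change suggested in the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_NUM_PHYS_ADDRS 15 /* size the checker reports for phys_addrs */

/* Simplified stand-in for the adapter state; not the kernel's struct. */
struct model_adap {
	uint16_t phys_addrs[MODEL_NUM_PHYS_ADDRS]; /* valid indices 0..14 */
	uint16_t canary; /* stands in for whatever follows the array */
};

/* Assumption: initiator is the high nibble of byte 0, so it spans 0..15. */
static unsigned int model_initiator(const uint8_t *msg)
{
	return msg[0] >> 4;
}

/* Record a reported physical address; 0 on success, -1 if rejected. */
static int model_record_phys_addr(struct model_adap *adap,
				  const uint8_t *msg, size_t len)
{
	unsigned int init;

	if (len < 4) /* header, opcode and two address bytes are required */
		return -1;
	init = model_initiator(msg);
	if (init >= MODEL_NUM_PHYS_ADDRS) /* 0xf would index one past the end */
		return -1;
	adap->phys_addrs[init] = (uint16_t)((msg[2] << 8) | msg[3]);
	return 0;
}

int main(void)
{
	struct model_adap adap = { .canary = 0xbeef };
	/* Constructed sample frames: header, opcode byte, address high, low. */
	const uint8_t from_la4[] = { 0x4f, 0x84, 0x10, 0x00 };
	const uint8_t from_unreg[] = { 0xff, 0x84, 0x20, 0x00 };

	printf("la 4:  %d\n", model_record_phys_addr(&adap, from_la4, 4));
	printf("la 15: %d\n", model_record_phys_addr(&adap, from_unreg, 4));
	printf("stored %04x, canary %04x\n", adap.phys_addrs[4], adap.canary);
	return 0;
}
```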
