From: Dan Carpenter <dan.carpenter@oracle.com>
To: hans.verkuil@cisco.com
Cc: linux-media@vger.kernel.org
Subject: re: [media] vivid: add support for radio receivers and transmitters
Date: Wed, 16 Sep 2015 18:59:29 +0300 [thread overview]
Message-ID: <20150916155928.GA9735@mwanda> (raw)
Hello Hans Verkuil,
The patch 55d58e989856: "[media] vivid: add support for radio
receivers and transmitters" from Aug 25, 2014, leads to the following
static checker warning:
drivers/media/platform/vivid/vivid-rds-gen.c:82 vivid_rds_generate()
error: buffer overflow 'rds->psname' 9 <= 43
drivers/media/platform/vivid/vivid-rds-gen.c
63 for (grp = 0; grp < VIVID_RDS_GEN_GROUPS; grp++, data += VIVID_RDS_GEN_BLKS_PER_GRP) {
VIVID_RDS_GEN_GROUPS is 57.
64 data[0].lsb = rds->picode & 0xff;
65 data[0].msb = rds->picode >> 8;
66 data[0].block = V4L2_RDS_BLOCK_A | (V4L2_RDS_BLOCK_A << 3);
67 data[1].lsb = rds->pty << 5;
68 data[1].msb = (rds->pty >> 3) | (rds->tp << 2);
69 data[1].block = V4L2_RDS_BLOCK_B | (V4L2_RDS_BLOCK_B << 3);
70 data[3].block = V4L2_RDS_BLOCK_D | (V4L2_RDS_BLOCK_D << 3);
71
72 switch (grp) {
73 case 0 ... 3:
74 case 22 ... 25:
75 case 44 ... 47: /* Group 0B */
76 data[1].lsb |= (rds->ta << 4) | (rds->ms << 3);
77 data[1].lsb |= vivid_get_di(rds, grp % 22);
78 data[1].msb |= 1 << 3;
79 data[2].lsb = rds->picode & 0xff;
80 data[2].msb = rds->picode >> 8;
81 data[2].block = V4L2_RDS_BLOCK_C_ALT | (V4L2_RDS_BLOCK_C_ALT << 3);
82 data[3].lsb = rds->psname[2 * (grp % 22) + 1];
83 data[3].msb = rds->psname[2 * (grp % 22)];
These two are maybe cut and paste from ->radiotext[]?
84 break;
85 case 4 ... 19:
86 case 26 ... 41: /* Group 2A */
87 data[1].lsb |= (grp - 4) % 22;
88 data[1].msb |= 4 << 3;
89 data[2].msb = rds->radiotext[4 * ((grp - 4) % 22)];
90 data[2].lsb = rds->radiotext[4 * ((grp - 4) % 22) + 1];
It doesn't like these either though...
91 data[2].block = V4L2_RDS_BLOCK_C | (V4L2_RDS_BLOCK_C << 3);
92 data[3].msb = rds->radiotext[4 * ((grp - 4) % 22) + 2];
93 data[3].lsb = rds->radiotext[4 * ((grp - 4) % 22) + 3];
94 break;
drivers/media/platform/vivid/vivid-rds-gen.c:82 vivid_rds_generate() error: buffer overflow 'rds->psname' 9 <= 43
drivers/media/platform/vivid/vivid-rds-gen.c:83 vivid_rds_generate() error: buffer overflow 'rds->psname' 9 <= 42
drivers/media/platform/vivid/vivid-rds-gen.c:89 vivid_rds_generate() error: buffer overflow 'rds->radiotext' 65 <= 84
drivers/media/platform/vivid/vivid-rds-gen.c:90 vivid_rds_generate() error: buffer overflow 'rds->radiotext' 65 <= 85
drivers/media/platform/vivid/vivid-rds-gen.c:92 vivid_rds_generate() error: buffer overflow 'rds->radiotext' 65 <= 86
drivers/media/platform/vivid/vivid-rds-gen.c:93 vivid_rds_generate() error: buffer overflow 'rds->radiotext' 65 <= 87
regards,
dan carpenter
reply other threads:[~2015-09-16 15:59 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150916155928.GA9735@mwanda \
--to=dan.carpenter@oracle.com \
--cc=hans.verkuil@cisco.com \
--cc=linux-media@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox