Re: [PATCH][media-next] media: i2c: mt9v111: fix off-by-one array bounds check
From: jacopo mondi
Date: Tue Jul 31 2018 - 10:02:01 EST
Hi Colin,
On Tue, Jul 31, 2018 at 02:55:25PM +0100, Colin Ian King wrote:
> On 31/07/18 14:53, jacopo mondi wrote:
> > Hi Colin,
> > thanks for the patch.
> >
> > On Tue, Jul 31, 2018 at 02:33:43PM +0100, Colin King wrote:
> >> From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> >>
> >> The check of fse->index is off-by-one and should be using >= rather
> >> than > to check the maximum allowed array index. Fix this.
> >>
> >> Detected by CoverityScan, CID#172122 ("Out-of-bounds read")
> >>
> >> Fixes: aab7ed1c3927 ("media: i2c: Add driver for Aptina MT9V111")
> >> Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> >
> > Acked-by: Jacopo Mondi <jacopo+renesas@xxxxxxxxxx>
> >
> > Thanks
> > j
> >
>
> Just to note, I also got a build warning on this driver, so that's
> something that should be fixed up too.
>
> drivers/media/i2c/mt9v111.c:887:15: warning: 'idx' may be used
> uninitialized in this function [-Wmaybe-uninitialized]
> unsigned int idx;
Yes, that's false positive but indeed gcc doesn't know about that.
A patch has already been sent and will hopefully be collected soon:
https://patchwork.linuxtv.org/patch/51259/
Thanks for noticing
j
Attachment:
signature.asc
Description: PGP signature