[PATCH] pktcdvd: Fix overflow for discs with large packets
authorPhillip Susi <psusi@cfl.rr.com>
Sun, 5 Feb 2006 07:27:44 +0000 (23:27 -0800)
committerLinus Torvalds <torvalds@g5.osdl.org>
Sun, 5 Feb 2006 19:06:52 +0000 (11:06 -0800)
The pktcdvd driver was using an 8 bit field to store the packet length
obtained from the disc track info.  This causes it to overflow packet length
values of 128KB or more.  I changed the field to 32 bits to fix this.

The pktcdvd driver defaulted to its maximum allowed packet length when it
detected a 0 in the track info field.  I changed this to fail the operation
and refuse to access the media.  This seems more sane than attempting to
access it with a value that almost certainly will not work.

Signed-off-by: Peter Osterlund <petero2@telia.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
drivers/block/pktcdvd.c
include/linux/pktcdvd.h

index 93affeeef7bd3675009f1edc885684824bad633f..d95e7e1ac3553bf1d9e317c0c6b7a5ed5462f1ad 100644 (file)
@@ -1639,7 +1639,7 @@ static int pkt_probe_settings(struct pktcdvd_device *pd)
        pd->settings.size = be32_to_cpu(ti.fixed_packet_size) << 2;
        if (pd->settings.size == 0) {
                printk("pktcdvd: detected zero packet size!\n");
-               pd->settings.size = 128;
+               return -ENXIO;
        }
        if (pd->settings.size > PACKET_MAX_SECTORS) {
                printk("pktcdvd: packet size is too big\n");
index 2c177e4c8f226d50803162dcb421beb629d4cbd3..d1c9c4a86e52bb55886938618a195744a9ae4782 100644 (file)
@@ -114,7 +114,7 @@ struct pkt_ctrl_command {
 
 struct packet_settings
 {
-       __u                   size;           /* packet size in (512 byte) sectors */
+       __u32                   size;           /* packet size in (512 byte) sectors */
        __u8                    fp;             /* fixed packets */
        __u8                    link_loss;      /* the rest is specified
                                                 * as per Mt Fuji */