[media] stv0900: avoid going past array
authorMauro Carvalho Chehab <mchehab@osg.samsung.com>
Mon, 22 Feb 2016 16:12:00 +0000 (13:12 -0300)
committerMauro Carvalho Chehab <mchehab@osg.samsung.com>
Tue, 23 Feb 2016 10:21:42 +0000 (07:21 -0300)
Fix the following smatch warnings:
drivers/media/dvb-frontends/stv0900_core.c:1183 stv0900_get_optim_carr_loop() error: buffer overflow 'cllas2' 11 <= 13
drivers/media/dvb-frontends/stv0900_core.c:1185 stv0900_get_optim_carr_loop() error: buffer overflow 'cllas2' 11 <= 13
drivers/media/dvb-frontends/stv0900_core.c:1187 stv0900_get_optim_carr_loop() error: buffer overflow 'cllas2' 11 <= 13
drivers/media/dvb-frontends/stv0900_core.c:1189 stv0900_get_optim_carr_loop() error: buffer overflow 'cllas2' 11 <= 13
drivers/media/dvb-frontends/stv0900_core.c:1191 stv0900_get_optim_carr_loop() error: buffer overflow 'cllas2' 11 <= 13

Reviewed-by: Michael Ira Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
drivers/media/dvb-frontends/stv0900_core.c

index 28239b1fd954932840ab54608da07f0328e66818..f667005a666146132cd55490e4475786bc20e566 100644 (file)
@@ -1087,7 +1087,7 @@ u8 stv0900_get_optim_carr_loop(s32 srate, enum fe_stv0900_modcode modcode,
                                                        s32 pilot, u8 chip_id)
 {
        u8 aclc_value = 0x29;
-       s32 i;
+       s32 i, cllas2_size;
        const struct stv0900_car_loop_optim *cls2, *cllqs2, *cllas2;
 
        dprintk("%s\n", __func__);
@@ -1096,14 +1096,17 @@ u8 stv0900_get_optim_carr_loop(s32 srate, enum fe_stv0900_modcode modcode,
                cls2 = FE_STV0900_S2CarLoop;
                cllqs2 = FE_STV0900_S2LowQPCarLoopCut30;
                cllas2 = FE_STV0900_S2APSKCarLoopCut30;
+               cllas2_size = ARRAY_SIZE(FE_STV0900_S2APSKCarLoopCut30);
        } else if (chip_id == 0x20) {
                cls2 = FE_STV0900_S2CarLoopCut20;
                cllqs2 = FE_STV0900_S2LowQPCarLoopCut20;
                cllas2 = FE_STV0900_S2APSKCarLoopCut20;
+               cllas2_size = ARRAY_SIZE(FE_STV0900_S2APSKCarLoopCut20);
        } else {
                cls2 = FE_STV0900_S2CarLoopCut30;
                cllqs2 = FE_STV0900_S2LowQPCarLoopCut30;
                cllas2 = FE_STV0900_S2APSKCarLoopCut30;
+               cllas2_size = ARRAY_SIZE(FE_STV0900_S2APSKCarLoopCut30);
        }
 
        if (modcode < STV0900_QPSK_12) {
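Review bot: Only the APSK table gets a recorded length in these three branches; `cls2` and `cllqs2` are selected alongside it but carry no size, although `cls2[i]` is indexed by the same `i` later in the function. If the search loops outside this hunk rely on hard-coded element counts, a mismatch between a count and the real table length would go unnoticed for those two tables. Consider capturing their lengths the same way, e.g. `cls2_size = ARRAY_SIZE(FE_STV0900_S2CarLoop);` in the first branch, so every lookup is bounded by its own table. The function body continues outside the hunk.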
@@ -1178,7 +1181,7 @@ u8 stv0900_get_optim_carr_loop(s32 srate, enum fe_stv0900_modcode modcode,
                                aclc_value = cls2[i].car_loop_pilots_off_30;
                }
 
-       } else {
+       } else if (i < cllas2_size) {
                if (srate <= 3000000)
                        aclc_value = cllas2[i].car_loop_pilots_on_2;
                else if (srate <= 7000000)
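Review bot: When `i >= cllas2_size`, the new `else if (i < cllas2_size)` assigns nothing, so unless later code overrides it the function returns the initial `aclc_value = 0x29` with no trace. A trailing `else` with a `dprintk("%s: index %d outside APSK table\n", __func__, i);` would make that fallback visible. The guard also proves only that `i` lies inside `cllas2`. The same `i` indexes `cls2[i]` just above, so if it was produced by searching a different table (the search is outside this hunk), an in-range value can still select an unrelated row. A short comment stating which lookup `i` comes from on this path would help the next reader confirm the row is the intended one.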