From 292eaf50c7df4ae2ae8aaa9e1ce3f1240a353ee8 Mon Sep 17 00:00:00 2001 From: Hans Verkuil Date: Fri, 22 Jul 2016 05:36:29 -0300 Subject: [PATCH] [media] cec: fix off-by-one memset The unused bytes of the features array should be zeroed, but the start index was one byte too early. This caused the device features byte to be overwritten by 0. The compliance test for the CEC_S_LOG_ADDRS ioctl didn't catch this because it tested byte continuation with the second device features byte being 0 :-( Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab --- drivers/staging/media/cec/cec-adap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/media/cec/cec-adap.c b/drivers/staging/media/cec/cec-adap.c index 9fffddb7ac7e..b2393bbacb26 100644 --- a/drivers/staging/media/cec/cec-adap.c +++ b/drivers/staging/media/cec/cec-adap.c @@ -1252,7 +1252,7 @@ int __cec_s_log_addrs(struct cec_adapter *adap, return -EINVAL; } /* Zero unused part of the feature array */ - memset(features + i, 0, feature_sz - i); + memset(features + i + 1, 0, feature_sz - i - 1); } if (log_addrs->cec_version >= CEC_OP_CEC_VERSION_2_0) { -- 2.20.1