From a460ad62260def15c42130de253d6cfc32528a2f Mon Sep 17 00:00:00 2001 From: Phillip Susi Date: Sat, 4 Feb 2006 23:27:44 -0800 Subject: [PATCH] [PATCH] pktcdvd: Fix overflow for discs with large packets The pktcdvd driver was using an 8 bit field to store the packet length obtained from the disc track info. This causes it to overflow packet length values of 128KB or more. I changed the field to 32 bits to fix this. The pktcdvd driver defaulted to its maximum allowed packet length when it detected a 0 in the track info field. I changed this to fail the operation and refuse to access the media. This seems more sane than attempting to access it with a value that almost certainly will not work. Signed-off-by: Peter Osterlund Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/block/pktcdvd.c | 2 +- include/linux/pktcdvd.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c index 93affeeef7b..d95e7e1ac35 100644 --- a/drivers/block/pktcdvd.c +++ b/drivers/block/pktcdvd.c @@ -1639,7 +1639,7 @@ static int pkt_probe_settings(struct pktcdvd_device *pd) pd->settings.size = be32_to_cpu(ti.fixed_packet_size) << 2; if (pd->settings.size == 0) { printk("pktcdvd: detected zero packet size!\n"); - pd->settings.size = 128; + return -ENXIO; } if (pd->settings.size > PACKET_MAX_SECTORS) { printk("pktcdvd: packet size is too big\n"); diff --git a/include/linux/pktcdvd.h b/include/linux/pktcdvd.h index 2c177e4c8f2..d1c9c4a86e5 100644 --- a/include/linux/pktcdvd.h +++ b/include/linux/pktcdvd.h @@ -114,7 +114,7 @@ struct pkt_ctrl_command { struct packet_settings { - __u8 size; /* packet size in (512 byte) sectors */ + __u32 size; /* packet size in (512 byte) sectors */ __u8 fp; /* fixed packets */ __u8 link_loss; /* the rest is specified * as per Mt Fuji */ -- 2.20.1