From d079e36d94bc3535d04dba667b6d96d2030c199d Mon Sep 17 00:00:00 2001 From: Mauro Carvalho Chehab Date: Mon, 22 Feb 2016 13:12:00 -0300 Subject: [PATCH] [media] stv0900: avoid going past array Fix the following smatch warnings: drivers/media/dvb-frontends/stv0900_core.c:1183 stv0900_get_optim_carr_loop() error: buffer overflow 'cllas2' 11 <= 13 drivers/media/dvb-frontends/stv0900_core.c:1185 stv0900_get_optim_carr_loop() error: buffer overflow 'cllas2' 11 <= 13 drivers/media/dvb-frontends/stv0900_core.c:1187 stv0900_get_optim_carr_loop() error: buffer overflow 'cllas2' 11 <= 13 drivers/media/dvb-frontends/stv0900_core.c:1189 stv0900_get_optim_carr_loop() error: buffer overflow 'cllas2' 11 <= 13 drivers/media/dvb-frontends/stv0900_core.c:1191 stv0900_get_optim_carr_loop() error: buffer overflow 'cllas2' 11 <= 13 Reviewed-by: Michael Ira Krufky Signed-off-by: Mauro Carvalho Chehab --- drivers/media/dvb-frontends/stv0900_core.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/media/dvb-frontends/stv0900_core.c b/drivers/media/dvb-frontends/stv0900_core.c index 28239b1fd954..f667005a6661 100644 --- a/drivers/media/dvb-frontends/stv0900_core.c +++ b/drivers/media/dvb-frontends/stv0900_core.c @@ -1087,7 +1087,7 @@ u8 stv0900_get_optim_carr_loop(s32 srate, enum fe_stv0900_modcode modcode, s32 pilot, u8 chip_id) { u8 aclc_value = 0x29; - s32 i; + s32 i, cllas2_size; const struct stv0900_car_loop_optim *cls2, *cllqs2, *cllas2; dprintk("%s\n", __func__); @@ -1096,14 +1096,17 @@ u8 stv0900_get_optim_carr_loop(s32 srate, enum fe_stv0900_modcode modcode, cls2 = FE_STV0900_S2CarLoop; cllqs2 = FE_STV0900_S2LowQPCarLoopCut30; cllas2 = FE_STV0900_S2APSKCarLoopCut30; + cllas2_size = ARRAY_SIZE(FE_STV0900_S2APSKCarLoopCut30); } else if (chip_id == 0x20) { cls2 = FE_STV0900_S2CarLoopCut20; cllqs2 = FE_STV0900_S2LowQPCarLoopCut20; cllas2 = FE_STV0900_S2APSKCarLoopCut20; + cllas2_size = ARRAY_SIZE(FE_STV0900_S2APSKCarLoopCut20); } else { cls2 = FE_STV0900_S2CarLoopCut30; cllqs2 = FE_STV0900_S2LowQPCarLoopCut30; cllas2 = FE_STV0900_S2APSKCarLoopCut30; + cllas2_size = ARRAY_SIZE(FE_STV0900_S2APSKCarLoopCut30); } if (modcode < STV0900_QPSK_12) { @@ -1178,7 +1181,7 @@ u8 stv0900_get_optim_carr_loop(s32 srate, enum fe_stv0900_modcode modcode, aclc_value = cls2[i].car_loop_pilots_off_30; } - } else { + } else if (i < cllas2_size) { if (srate <= 3000000) aclc_value = cllas2[i].car_loop_pilots_on_2; else if (srate <= 7000000) -- 2.20.1