From: Laura Abbott Date: Mon, 5 Oct 2015 22:33:29 +0000 (-0300) Subject: si2157: return -EINVAL if firmware blob is too big X-Git-Tag: firefly_0821_release~176^2~475^2~300 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=c44a410e1680345b13a2e7c1011a3a470beb76d8;p=firefly-linux-kernel-4.4.55.git si2157: return -EINVAL if firmware blob is too big commit d2cc2f0b35465951eaaf0387fd55e29835ed7ea6 upstream. A previous patch added a check if the firmware is too big, but it didn't set the return error code with the right value. [mchehab@osg.samsung.com: I ended by applying a v1 of Laura's patch, without the proper return code. This patch contains the difference between v2 and v1 of the Laura's "si2157: Bounds check firmware" patch] Signed-off-by: Laura Abbott Reviewed-by: Olli Salonen Tested-by: Olli Salonen Signed-off-by: Greg Kroah-Hartman Signed-off-by: Mauro Carvalho Chehab --- diff --git a/drivers/media/tuners/si2157.c b/drivers/media/tuners/si2157.c index ce157edd45fa..0e1ca2b00e61 100644 --- a/drivers/media/tuners/si2157.c +++ b/drivers/media/tuners/si2157.c @@ -168,6 +168,7 @@ static int si2157_init(struct dvb_frontend *fe) len = fw->data[fw->size - remaining]; if (len > SI2157_ARGLEN) { dev_err(&client->dev, "Bad firmware length\n"); + ret = -EINVAL; goto err_release_firmware; } memcpy(cmd.args, &fw->data[(fw->size - remaining) + 1], len);