[linux-dvb] Digitv USB firmware loading issue [PATCH]

Jon Burgess jburgess at uklinux.net
Fri Dec 16 00:11:53 CET 2005


Wolfgang Rohdewald wrote:
> On Friday 09 December 2005 19:28, Jon Burgess wrote:
> 
>>Jan Kämpe wrote:
>>
>>> int dvb_usb_get_hexline(const struct firmware *fw, struct hexline *hx, int *pos)
>>> {
>>>-	u8 *b = (u8 *) &fw->data[*pos];
>>> 	int data_offs = 4;
>>> 	if (*pos >= fw->size)
>>> 		return 0;
>>> 
>>>+	u8 *b = (u8 *) &fw->data[*pos];
>>> 	memset(hx,0,sizeof(struct hexline));
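Review bot: moving `u8 *b = (u8 *) &fw->data[*pos];` below the `if (*pos >= fw->size) return 0;` statement turns it into a declaration after a statement, which C89 compilers reject. Keep a bare `u8 *b;` with the other declarations at the top of the function and add a plain assignment `b = (u8 *) &fw->data[*pos];` after the check. Note also that the check only establishes that the byte at `*pos` lies inside `fw->data`; if the code after the `memset` reads more than `b[0]`, it needs a length check against `fw->size - *pos` as well.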
>>
>>I don't see why this change is needed and it breaks on older GCC.
> 
> 
> if *pos >= fw->size, data[*pos] will access unallocated memory behind data.

You are right in principle, but I believe that doing &foo[x] just gives 
you the address of the item, you don't actually do an out-of-bounds 
access until you actually dereference the pointer. The change makes the 
code look more correct, but I don't think you'll ever see this causing a 
crash or illegal access in practice since the check for (pos > fw->size) 
is done before the dereference.

	Jon
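The ordering discussed in this thread, as an added example that is not part of the original message or of the dvb-usb driver: the pointer is declared up front, assigned only after the position check, and the whole record is checked against the remaining bytes before any field beyond b[0] is read. The names fw_blob, rec, get_record and REC_HDR, the record layout and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins; not the kernel's struct firmware / struct hexline. */
struct fw_blob { const uint8_t *data; size_t size; };
struct rec { uint8_t len; uint16_t addr; uint8_t type; uint8_t data[255]; uint8_t chk; };

#define REC_HDR 4 /* assumed layout: len, addr_lo, addr_hi, type, data[len], chk */

/* Constructed sample: one complete record, then one cut short. */
static const uint8_t sample[] = {
	2, 0x34, 0x12, 0x00, 0xAA, 0xBB, 0x5C,
	3, 0x00, 0x00, 0x00, 0x01
};

/* Returns bytes consumed, 0 at end of blob, -1 if the record is truncated. */
int get_record(const struct fw_blob *fw, struct rec *r, size_t *pos)
{
	const uint8_t *b;	/* declared before any statement: valid C89 */
	size_t need;

	if (*pos >= fw->size)
		return 0;

	b = &fw->data[*pos];	/* at least b[0] is inside the blob here */
	need = (size_t)b[0] + REC_HDR + 1;
	if (need > fw->size - *pos)	/* whole record must fit, not just b[0] */
		return -1;
	memset(r, 0, sizeof(*r));
	r->len = b[0];
	r->addr = (uint16_t)(b[1] | (b[2] << 8));
	r->type = b[3];
	memcpy(r->data, &b[REC_HDR], r->len);
	r->chk = b[REC_HDR + r->len];
	*pos += need;
	return (int)need;
}

int main(void)
{
	struct fw_blob fw = { sample, sizeof(sample) };
	struct rec r;
	size_t pos = 0;
	int ret;
	while ((ret = get_record(&fw, &r, &pos)) > 0)
		printf("len=%u addr=0x%04x type=%u\n", r.len, r.addr, r.type);
	printf("final status %d at offset %u\n", ret, (unsigned)pos);
	return 0;
}
```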


