[linux-dvb] Digitv USB firmware loading issue [PATCH]

Johannes Stezenbach js at linuxtv.org
Fri Dec 16 17:53:21 CET 2005


On Thu, Dec 15, 2005 at 11:11:53PM +0000, Jon Burgess wrote:
> Wolfgang Rohdewald wrote:
> >On Freitag 09 Dezember 2005 19:28, Jon Burgess wrote:
> >
> >>Jan Kämpe wrote:
> >>
> >>>int dvb_usb_get_hexline(const struct firmware *fw, struct hexline *hx, 
> >>>int *pos)
> >>>{
> >>>-	u8 *b = (u8 *) &fw->data[*pos];
> >>>	int data_offs = 4;
> >>>	if (*pos >= fw->size)
> >>>		return 0;
> >>>
> >>>+	u8 *b = (u8 *) &fw->data[*pos];
> >>>	memset(hx,0,sizeof(struct hexline));
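Review bot: the re-added `u8 *b = (u8 *) &fw->data[*pos];` now sits after the `if (*pos >= fw->size)` statement, so it is a declaration after a statement, which compilers limited to C89 rules reject. Keep `u8 *b;` next to `int data_offs` at the top of the function and assign `b = &fw->data[*pos];` after the size check. That gives the same ordering without the mixed declaration.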
> >>
> >>I don't see why this change is needed and it breaks on older GCC.
> >
> >
> >if *pos >= fw->size, data[*pos] will access unallocated memory behind data.
> 
> You are right in principle, but I believe that doing &foo[x] just gives 
> you the address of the item, you don't actually do an out-of-bounds 
> access until you actually dereference the pointer. The change makes the 
> code look more correct, but I don't think you'll ever see this causing a 
> crash or illegal access in practice since the check for (pos > fw->size) 
> is done before the dereference.

One can avoid any uncertainty by writing it as:

	u8 *b = fw->data + *pos;

BTW, the (u8 *) cast is unnecessary.

Johannes
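The ordering discussed in this thread, as an added user-space example (not code from the driver or from any poster): the pointer is declared up front, formed only after the position check, and dereferenced only once the remaining length is known. It goes one step beyond the thread by also rejecting a record whose length byte runs past the end of the image. `struct fw_blob`, `struct rec`, `get_rec` and the record layout are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical user-space stand-ins, not the kernel's structures. */
struct fw_blob { const uint8_t *data; size_t size; };
struct rec { uint8_t len; uint16_t addr; uint8_t type; uint8_t data[255]; uint8_t chk; };

/* Constructed sample: one complete record, then one cut short. */
static const uint8_t sample_image[] = {
    2, 0x00, 0x10, 0, 0xAA, 0xBB, 0x99,
    3, 0x00, 0x20, 0, 0x01
};

/* Assumed layout: len, addr_lo, addr_hi, type, data[len], chk.
 * Returns 1 = record read, 0 = end of image, -1 = truncated record. */
int get_rec(const struct fw_blob *fw, struct rec *r, size_t *pos)
{
    const uint8_t *b;   /* declared first, assigned after the check */
    size_t left;

    if (*pos >= fw->size)
        return 0;
    left = fw->size - *pos;   /* at least 1, cannot underflow */
    b = fw->data + *pos;      /* points inside the image */
    if (left < 5 || (size_t)b[0] + 5 > left)
        return -1;            /* header or payload runs past the end */

    memset(r, 0, sizeof(*r));
    r->len = b[0];
    r->addr = (uint16_t)(b[1] | (b[2] << 8));
    r->type = b[3];
    memcpy(r->data, b + 4, r->len);
    r->chk = b[4 + r->len];
    *pos += (size_t)r->len + 5;
    return 1;
}

int main(void)
{
    struct fw_blob fw = { sample_image, sizeof(sample_image) };
    struct rec r;
    size_t pos = 0;

    if (get_rec(&fw, &r, &pos) != 1 || pos != 7)
        return 1;
    return get_rec(&fw, &r, &pos) == -1 ? 0 : 1;
}
```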


