[linux-dvb] Possible buffer overflow in dst driver

Manu Abraham abraham.manu at gmail.com
Mon Sep 5 20:52:37 CEST 2005


Sigmund Augdal wrote:

>Using current cvs dvb-kernel, I'm tring to sort out some issues with ca
>on a twinhan card. I think I discovered what might be a serious problem:
>
>in dvb_bt8xx.c:frontend_init in the BTTV_TWINHAN_DST case right before
>the dst_ca_attached I added a case to se if
>state->dst_hw_cap&DST_TYPE_HAS_SESSION
>  
>
which version of dst/dst_ca are you using ? CVS/kernel ? I presume 
latest CVS.

Can you try printing the contents of the arrays (require only rxbuffer) 
in the struct, at the stage where you think an overflow occurs ?
as well as state->dst_hw_cap ?

Might as well as check with what content it is overflowing ..

You might as well as put a printk at the very end of dst_get_device_id() 
to check the status of state->dst_hw_cap at that point.

Thanks,
Manu




More information about the linux-dvb mailing list