[linux-dvb] [PATCH] tuner-xc2028.c firmware loading panic

Devin Heitmueller devin.heitmueller at gmail.com
Tue Dec 11 06:31:32 CET 2007


On Dec 9, 2007 10:16 PM, Devin Heitmueller <devin.heitmueller at gmail.com> wrote:
> I was doing some work trying to figure out the format for the firmware
> fed into tuner-xc2028.c, and caused a panic when I gave it some
> malformed input.
> The size field can be some obscenely large number which causes an
> integer wraparound when comparing it to the end pointer (p + size <
> endp test passes when size is large enough to wrap around).
> The attached patch against the trunk just tweaks the math for the
> calculation to avoid the wraparound bug.
> Could somebody please provide any information regarding the format of
> the expected firmware file?  I have been playing around with
> v4l_experimental/xc3028/convert.c as well as
> v4l2-apps/util/xc3028-firmware/firmware-tool.c and it's not clear what
> is the expected input.  Better yet, if somebody could point me to a
> sample firmware file that works, I'm sure I can work backwards from
> there (in my case I'm trying to get the HVR-950 working).
> On a sidenote, is v4l/xc3028.c actually used for anything?  I spent
> some time digging around in the firmware loading code there before I
> realized that the actual code being used was in tuner-xc2028.c.  If it
> is dead code, can it be dropped from the repository?
> Thanks,
> --
> Devin J. Heitmueller
> http://www.devinheitmueller.com
AIM: devinheitmueller

Devin J. Heitmueller
AIM: devinheitmueller

