mirror of https://gitee.com/openkylin/linux.git
firewire: fw-ohci: use of uninitialized data in AR handler
header_length and payload_length are filled with random data if an unknown tcode was read from the AR buffer (i.e. if the AR buffer contained invalid data). We still need a better strategy to recover from this, but at least handle_ar_packet now doesn't return out of bound buffer addresses anymore. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
This commit is contained in:
parent
0bf607c5b4
commit
ccff962943
|
@ -548,6 +548,11 @@ static __le32 *handle_ar_packet(struct ar_context *ctx, __le32 *buffer)
|
|||
p.header_length = 12;
|
||||
p.payload_length = 0;
|
||||
break;
|
||||
|
||||
default:
|
||||
/* FIXME: Stop context, discard everything, and restart? */
|
||||
p.header_length = 0;
|
||||
p.payload_length = 0;
|
||||
}
|
||||
|
||||
p.payload = (void *) buffer + p.header_length;
|
||||
|
|
Loading…
Reference in New Issue