[linux-dvb] Possible buffer overflow in dst driver

Sigmund Augdal sigmund at snap.tv
Tue Sep 6 12:42:16 CEST 2005


On Mon, 2005-09-05 at 22:52 +0400, Manu Abraham wrote:
> Sigmund Augdal wrote:
> 
> >Using current cvs dvb-kernel, I'm trying to sort out some issues with ca
> >on a twinhan card. I think I discovered what might be a serious problem:
> >
> >in dvb_bt8xx.c:frontend_init in the BTTV_TWINHAN_DST case right before
> >the dst_ca_attached I added a case to see if
> >state->dst_hw_cap&DST_TYPE_HAS_SESSION
> >  
> >
> which version of dst/dst_ca are you using ? CVS/kernel ? I presume 
> latest CVS.
I thought I said that fairly clearly, but yes.
> 
> Can you try printing the contents of the arrays (require only rxbuffer) 
> in the struct, at the stage where you think an overflow occurs ?
> as well as state->dst_hw_cap ?
> 
> Might as well check with what content it is overflowing ..
This sounds like a good idea, I'll try that more thoroughly when I get
some more time.
> 
> You might as well put a printk at the very end of dst_get_device_id() 
> to check the status of state->dst_hw_cap at that point.
Tried this. At that point state->dst_hw_cap is 55.

I also have a couple of other problems I hope you (or the list) can
comment on (the sooner the better)):
Is there a limit to the number of such cards one could place in the same
computer?
Is there a way to load the tuner and tveeprom modules from both dvb and
the ivtv project at the same time?

With regards

Sigmund
> 
> Thanks,
> Manu
> 



