[linux-dvb] Possible buffer overflow in dst driver
Sigmund Augdal
sigmund at snap.tv
Tue Sep 6 12:42:16 CEST 2005
On Mon, 2005-09-05 at 22:52 +0400, Manu Abraham wrote:
> Sigmund Augdal wrote:
>
> >Using current cvs dvb-kernel, I'm tring to sort out some issues with ca
> >on a twinhan card. I think I discovered what might be a serious problem:
> >
> >in dvb_bt8xx.c:frontend_init in the BTTV_TWINHAN_DST case right before
> >the dst_ca_attached I added a case to se if
> >state->dst_hw_cap&DST_TYPE_HAS_SESSION
> >
> >
> which version of dst/dst_ca are you using ? CVS/kernel ? I presume
> latest CVS.
I thought I said that fairly clearly, but yes.
>
> Can you try printing the contents of the arrays (require only rxbuffer)
> in the struct, at the stage where you think an overflow occurs ?
> as well as state->dst_hw_cap ?
>
> Might as well as check with what content it is overflowing ..
This sounds like a good idea, I'll try that more thoughrougly when I get
some more time.
>
> You might as well as put a printk at the very end of dst_get_device_id()
> to check the status of state->dst_hw_cap at that point.
Tried this. At that point state->dst_hw_cap is 55.
I also have a couple of other problems I hope you (or the list can
comment on (the sooner the better)):
Is there a limit to the number of such cards one could place in the same
computer?
Is there a way to load the tuner and tveeprom modules from both dvb and
the ivtv project at the same time?
With regards
Sigmund
>
> Thanks,
> Manu
>
More information about the linux-dvb
mailing list