[PATCH] dvb: dst: Fix possible buffer overflow Fixes a possible buffer overflow due to reading more than 8 bytes into an 8 byte long array Thanks to Perceval Anichini <perceval.anichini@streamvision.fr> for pointing out the bug. Signed-off-by: Manu Abraham <manu@linuxtv.org> Signed-off-by: Michael Krufky <mkrufky@linuxtv.org> Cc: Johannes Stezenbach <js@linuxtv.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

commit: 5c15c0b4fa850543b8ccfcf93686d24456cc384d [log] [tgz]
author: Manu Abraham <manu@linuxtv.org> Tue Nov 08 21:35:24 2005 -0800
committer: Linus Torvalds <torvalds@g5.osdl.org> Wed Nov 09 07:56:02 2005 -0800
tree: 85863bed32aedbed05a079efc077e04827f58f89
parent: 4fbbc7ee591ab19707d12e2f86a1ae11f7195423 [diff] [blame]
diff --git a/drivers/media/dvb/bt8xx/dst_ca.c b/drivers/media/dvb/bt8xx/dst_ca.c
index 16645e0..38c72894 100644
--- a/drivers/media/dvb/bt8xx/dst_ca.c
+++ b/drivers/media/dvb/bt8xx/dst_ca.c

@@ -196,7 +196,7 @@
 	int i;
 	static u8 slot_command[8] = {0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff};
 
-	u8 *slot_info = state->rxbuffer;
+	u8 *slot_info = state->messages;
 
 	put_checksum(&slot_command[0], 7);
 	if ((dst_put_ci(state, slot_command, sizeof (slot_command), slot_info, GET_REPLY)) < 0) {
commit	5c15c0b4fa850543b8ccfcf93686d24456cc384d	[log] [tgz]
author	Manu Abraham <manu@linuxtv.org>	Tue Nov 08 21:35:24 2005 -0800
committer	Linus Torvalds <torvalds@g5.osdl.org>	Wed Nov 09 07:56:02 2005 -0800
tree	85863bed32aedbed05a079efc077e04827f58f89
parent	4fbbc7ee591ab19707d12e2f86a1ae11f7195423 [diff] [blame]