summaryrefslogtreecommitdiff
path: root/include/linux/firewire.h
diff options
context:
space:
mode:
authorStefan Richter <stefanr@s5r6.in-berlin.de>2009-09-06 20:49:17 +0400
committerStefan Richter <stefanr@s5r6.in-berlin.de>2009-09-12 16:48:40 +0400
commit928ec5f148e729076e9202e7c78babede628a50c (patch)
tree2ad9c7263728d6f1ba91f69003873ed80e966328 /include/linux/firewire.h
parent64549e9357e5222a73e41aa87372b37abb047720 (diff)
downloadlinux-928ec5f148e729076e9202e7c78babede628a50c.tar.xz
firewire: ohci: fix Self ID Count register mask (safeguard against buffer overflow)
The selfIDSize field of Self ID Count is 9 bits wide, and we are only interested in the high 8 bits. Fix the mask accordingly. The previously too large mask didn't do damage though because the next few bits in the register are reserved and therefore zero with presently existing hardware. Also, check for the maximum possible self ID count of 252 (according to OHCI 1.1 clause 11.2 and IEEE 1394a-2000 clause 4.3.4.1, i.e. up to four self IDs of up to 63 nodes, even though IEEE 1394 up to edition 2008 defines only up to three self IDs per node). More than 252 self IDs would only happen if the self ID receive DMA unit malfunctioned, which would likely be caught by other self ID buffer checks. However, check it early to be sure. More than 253 quadlets would overflow the Topology Map CSR. Reported-By: PaX Team Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Diffstat (limited to 'include/linux/firewire.h')
0 files changed, 0 insertions, 0 deletions