Commit a460ad62 authored by Phillip Susi's avatar Phillip Susi Committed by Linus Torvalds

[PATCH] pktcdvd: Fix overflow for discs with large packets

The pktcdvd driver was using an 8 bit field to store the packet length
obtained from the disc track info.  This causes it to overflow packet length
values of 128KB or more.  I changed the field to 32 bits to fix this.

The pktcdvd driver defaulted to its maximum allowed packet length when it
detected a 0 in the track info field.  I changed this to fail the operation
and refuse to access the media.  This seems more sane than attempting to
access it with a value that almost certainly will not work.
Signed-off-by: default avatarPeter Osterlund <petero2@telia.com>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent bd576c95
...@@ -1639,7 +1639,7 @@ static int pkt_probe_settings(struct pktcdvd_device *pd) ...@@ -1639,7 +1639,7 @@ static int pkt_probe_settings(struct pktcdvd_device *pd)
pd->settings.size = be32_to_cpu(ti.fixed_packet_size) << 2; pd->settings.size = be32_to_cpu(ti.fixed_packet_size) << 2;
if (pd->settings.size == 0) { if (pd->settings.size == 0) {
printk("pktcdvd: detected zero packet size!\n"); printk("pktcdvd: detected zero packet size!\n");
pd->settings.size = 128; return -ENXIO;
} }
if (pd->settings.size > PACKET_MAX_SECTORS) { if (pd->settings.size > PACKET_MAX_SECTORS) {
printk("pktcdvd: packet size is too big\n"); printk("pktcdvd: packet size is too big\n");
......
...@@ -114,7 +114,7 @@ struct pkt_ctrl_command { ...@@ -114,7 +114,7 @@ struct pkt_ctrl_command {
struct packet_settings struct packet_settings
{ {
__u8 size; /* packet size in (512 byte) sectors */ __u32 size; /* packet size in (512 byte) sectors */
__u8 fp; /* fixed packets */ __u8 fp; /* fixed packets */
__u8 link_loss; /* the rest is specified __u8 link_loss; /* the rest is specified
* as per Mt Fuji */ * as per Mt Fuji */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment