Commit 2db8290f authored by Mauro Carvalho Chehab's avatar Mauro Carvalho Chehab Committed by Li Nan
Browse files

media: cx24116: prevent overflows on SNR calculus 

stable inclusion
from stable-v5.10.230
commit 828047c70f4716fde4b1316f7b610e97a4e83824
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB5AVY
CVE: CVE-2024-50290

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=828047c70f4716fde4b1316f7b610e97a4e83824



--------------------------------

commit 576a307a7650bd544fbb24df801b9b7863b85e2f upstream.

as reported by Coverity, if reading SNR registers fail, a negative
number will be returned, causing an underflow when reading SNR
registers.

Prevent that.

Fixes: 8953db79 ("V4L/DVB (9178): cx24116: Add module parameter to return SNR as ESNO.")
Cc: stable@vger.kernel.org
Signed-off-by: default avatarMauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarLi Nan <linan122@huawei.com>
parent 1f7a6bcd

drivers/media/dvb-frontends/cx24116.c

+6 −1
Original line number Diff line number Diff line
@@ -741,6 +741,7 @@ static int cx24116_read_snr_pct(struct dvb_frontend *fe, u16 *snr) 
{

	struct cx24116_state *state = fe->demodulator_priv;

	u8 snr_reading;

	int ret;

	static const u32 snr_tab[] = { /* 10 x Table (rounded up) */

		0x00000, 0x0199A, 0x03333, 0x04ccD, 0x06667,

		0x08000, 0x0999A, 0x0b333, 0x0cccD, 0x0e667,
@@ -749,7 +750,11 @@ static int cx24116_read_snr_pct(struct dvb_frontend *fe, u16 *snr) 


	dprintk("%s()\n", __func__);



	snr_reading = cx24116_readreg(state, CX24116_REG_QUALITY0);

	ret = cx24116_readreg(state, CX24116_REG_QUALITY0);

	if (ret  < 0)

		return ret;



	snr_reading = ret;



	if (snr_reading >= 0xa0 /* 100% */)

		*snr = 0xffff;