[media] cec: fix off-by-one memset

hverkuil · mchehab · commit 292eaf50c7df · 2016-07-28T20:16:35.000-03:00
The unused bytes of the features array should be zeroed, but the start index was one
byte too early. This caused the device features byte to be overwritten by 0.

The compliance test for the CEC_S_LOG_ADDRS ioctl didn't catch this because it tested
byte continuation with the second device features byte being 0 :-(

Signed-off-by: Hans Verkuil &lt;hans.verkuil@cisco.com&gt;
Signed-off-by: Mauro Carvalho Chehab &lt;mchehab@s-opensource.com&gt;
diff --git a/drivers/staging/media/cec/cec-adap.c b/drivers/staging/media/cec/cec-adap.c
@@ -1252,7 +1252,7 @@ int __cec_s_log_addrs(struct cec_adapter *adap,
 			return -EINVAL;
 		}
 		/* Zero unused part of the feature array */
-		memset(features + i, 0, feature_sz - i);
+		memset(features + i + 1, 0, feature_sz - i - 1);
 	}
 
 	if (log_addrs->cec_version >= CEC_OP_CEC_VERSION_2_0) {

Original file line number	Diff line number	Diff line change
`@@ -1252,7 +1252,7 @@ int __cec_s_log_addrs(struct cec_adapter *adap,`
`1252`	`1252`	`return -EINVAL;`
`1253`	`1253`	`}`
`1254`	`1254`	`/* Zero unused part of the feature array */`
`1255`		`- memset(features + i, 0, feature_sz - i);`
	`1255`	`+ memset(features + i + 1, 0, feature_sz - i - 1);`
`1256`	`1256`	`}`
`1257`	`1257`
`1258`	`1258`	`if (log_addrs->cec_version >= CEC_OP_CEC_VERSION_2_0) {`