Message ID | 77322db90902cd2c9d25fa3d614bf25809e9c609.1623846327.git.mchehab+huawei@kernel.org (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | Address some smatch warnings | expand |
diff --git a/drivers/media/dvb-core/dvb_ca_en50221.c b/drivers/media/dvb-core/dvb_ca_en50221.c index b7e4a3371176..15a08d8c69ef 100644 --- a/drivers/media/dvb-core/dvb_ca_en50221.c +++ b/drivers/media/dvb-core/dvb_ca_en50221.c @@ -1386,6 +1386,7 @@ static int dvb_ca_en50221_io_do_ioctl(struct file *file, err = -EINVAL; goto out_unlock; } + slot = array_index_nospec(slot, ca->slot_count); info->type = CA_CI_LINK; info->flags = 0;
As warned by smatch: drivers/media/dvb-core/dvb_ca_en50221.c:1392 dvb_ca_en50221_io_do_ioctl() warn: potential spectre issue 'ca->slot_info' [r] (local cap) There's a potential of using a CAM ioctl for speculation. The risk here is minimum, as only a small subset of DVB boards have CI, with a CAM module installed. Also, exploiting it would require an user capable of starting a DVB application. There are probably a lot of easier ways to try to exploit. Yet, it doesn't harm addressing it. Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org> --- drivers/media/dvb-core/dvb_ca_en50221.c | 1 + 1 file changed, 1 insertion(+)