The pktcdvd driver was using an 8 bit field to store the packet length
obtained from the disc track info. This causes it to overflow packet length
values of 128KB or more. I changed the field to 32 bits to fix this.
The pktcdvd driver defaulted to its maximum allowed packet length when it
detected a 0 in the track info field. I changed this to fail the operation
and refuse to access the media. This seems more sane than attempting to
access it with a value that almost certainly will not work.
Signed-off-by: Peter Osterlund <petero2@telia.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
pd->settings.size = be32_to_cpu(ti.fixed_packet_size) << 2;
if (pd->settings.size == 0) {
printk("pktcdvd: detected zero packet size!\n");
- pd->settings.size = 128;
+ return -ENXIO;
}
if (pd->settings.size > PACKET_MAX_SECTORS) {
printk("pktcdvd: packet size is too big\n");
struct packet_settings
{
- __u8 size; /* packet size in (512 byte) sectors */
+ __u32 size; /* packet size in (512 byte) sectors */
__u8 fp; /* fixed packets */
__u8 link_loss; /* the rest is specified
* as per Mt Fuji */
projects / linux-2.6 / commitdiff