2021-08-12 05:08:57

by Tuo Li

Subject: [media] cx25821: Is there a potential buffer-underflow in cx25821-core.c?

Hello,

Our static analysis tool reports a possible buffer-underflow in
cx25821-core.c in Linux 5.14.0-rc3:

The variable channel_select is checked in:
761:    if (channel_select <= 7 && channel_select >= 0)

This indicates that channel_select can be negative.
If so, a buffer-underflow will occur:
765:    dev->channels[channel_select].pixel_formats = format;

However, we checked this report manually, and found that the only call
site is in cx25821-video.c:
394:    cx25821_set_pixel_format(dev, SRAM_CH00, pix_format);

And SRAM_CH00 is not negative.

I am not sure whether this negative check is redundant or there is a
potential buffer-underflow.
Any feedback would be appreciated, thanks!

Reported-by: TOTE Robot <[email protected]>

Best wishes,
Tuo Li
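
Added example, not part of the original message and not the driver's code: a constructed user-space model of the pattern the report describes, next to a hardened form that validates the index once before any use. It assumes the store quoted at line 765 sits outside the branch taken at line 761, as the report implies; `model_dev`, the guard words and all function names are hypothetical.

```c
#include <stdint.h>
#include <errno.h>

#define NUM_CHANNELS 8          /* indices 0..7, matching the check at line 761 */
#define GUARD 0xdeadbeefu

/* Constructed model, not the driver's structs: one guard word on each side
 * of the per-channel pixel_formats slots, so an out-of-range store is
 * observable without leaving the backing array. */
struct model_dev {
    uint32_t mem[1 + NUM_CHANNELS + 1];
    uint32_t hw_writes;         /* counts simulated register writes */
};

static uint32_t *slots(struct model_dev *d) { return &d->mem[1]; }

static void model_init(struct model_dev *d)
{
    for (int i = 0; i < 1 + NUM_CHANNELS + 1; i++)
        d->mem[i] = 0;
    d->mem[0] = d->mem[NUM_CHANNELS + 1] = GUARD;
    d->hw_writes = 0;
}

/* Pattern as the report reads it (assumption): the range check covers only
 * the register write, and the array store runs unconditionally. */
static void set_format_partial_check(struct model_dev *d, int ch, uint32_t fmt)
{
    if (ch <= 7 && ch >= 0)
        d->hw_writes++;
    slots(d)[ch] = fmt;         /* reached even when the check failed */
}

/* Hardened form: reject the index once, before any use. */
static int set_format_checked(struct model_dev *d, int ch, uint32_t fmt)
{
    if (ch < 0 || ch >= NUM_CHANNELS)
        return -EINVAL;
    d->hw_writes++;
    slots(d)[ch] = fmt;
    return 0;
}

/* Returns 1 while neither neighbouring word has been overwritten. */
static int guards_intact(const struct model_dev *d)
{
    return d->mem[0] == GUARD && d->mem[NUM_CHANNELS + 1] == GUARD;
}
```

With the only call site passing SRAM_CH00, neither variant misbehaves; the difference shows up only if a later caller passes an unvalidated index.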