[media] cec: fix off-by-one memset

The unused bytes of the features array should be zeroed, but the start index was one byte too early. This caused the device features byte to be overwritten by 0. The compliance test for the CEC_S_LOG_ADDRS ioctl didn't catch this because it tested byte continuation with the second device features byte being 0 :-( Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
joolstorrentecalo · Jul 28, 2016 · 292eaf5 · 292eaf5
1 parent cd70c37
commit 292eaf5
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/drivers/staging/media/cec/cec-adap.c b/drivers/staging/media/cec/cec-adap.c
@@ -1252,7 +1252,7 @@ int __cec_s_log_addrs(struct cec_adapter *adap,
 			return -EINVAL;
 		}
 		/* Zero unused part of the feature array */
-		memset(features + i, 0, feature_sz - i);
+		memset(features + i + 1, 0, feature_sz - i - 1);
 	}
 
 	if (log_addrs->cec_version >= CEC_OP_CEC_VERSION_2_0) {