From 3309444d86cb612c47c2c1dc023586ee785eca6e Mon Sep 17 00:00:00 2001 From: SPRESENSE <41312067+SPRESENSE@users.noreply.github.com> Date: Tue, 19 Dec 2023 15:25:59 +0900 Subject: [PATCH] drivers/video/isx012: Fix buffer overrun of isx012_putreg() The maximum size of ISX012 register is 4 bytes. So, extend temporary buffer size. Detected by CodeSonar 141893 --- drivers/video/isx012.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/drivers/video/isx012.c b/drivers/video/isx012.c index 5c4b69bb90393..d612a689c7523 100644 --- a/drivers/video/isx012.c +++ b/drivers/video/isx012.c @@ -216,7 +216,7 @@ typedef struct isx012_dev_s isx012_dev_t; static uint16_t isx012_getreg(FAR isx012_dev_t *priv, uint16_t regaddr, uint16_t regsize); static int isx012_putreg(FAR isx012_dev_t *priv, uint16_t regaddr, - uint16_t regval, uint16_t regsize); + uint32_t regval, uint16_t regsize); static int isx012_putreglist(FAR isx012_dev_t *priv, FAR const isx012_reg_t *reglist, size_t nentries); #ifdef ISX012_CHECK_IN_DETAIL @@ -676,8 +676,8 @@ static uint16_t isx012_getreg(FAR isx012_dev_t *priv, uint16_t regaddr, uint16_t regsize) { struct i2c_config_s config; - volatile uint16_t regval = 0; - volatile uint8_t buffer[2]; + uint16_t regval = 0; + uint8_t buffer[2]; int ret; /* Set up the I2C configuration */ @@ -719,12 +719,14 @@ static uint16_t isx012_getreg(FAR isx012_dev_t *priv, } static int isx012_putreg(FAR isx012_dev_t *priv, - uint16_t regaddr, uint16_t regval, uint16_t regsize) + uint16_t regaddr, uint32_t regval, uint16_t regsize) { struct i2c_config_s config; - volatile uint8_t buffer[4]; + uint8_t buffer[6]; int ret; + DEBUGASSERT(regsize <= 4); + /* Set up the I2C configuration */ config.frequency = priv->i2c_freq; @@ -779,7 +781,7 @@ static int isx012_chk_int_state(FAR isx012_dev_t *priv, uint32_t wait_time, uint32_t timeout) { int ret = 0; - volatile uint8_t data; + uint8_t data; uint32_t time = 0; nxsig_usleep(delay_time * 1000);