From a460ad62260def15c42130de253d6cfc32528a2f Mon Sep 17 00:00:00 2001
From: Phillip Susi <psusi@cfl.rr.com>
Date: Sat, 4 Feb 2006 23:27:44 -0800
Subject: [PATCH] pktcdvd: Fix overflow for discs with large packets

The pktcdvd driver was using an 8 bit field to store the packet length
obtained from the disc track info.  This causes it to overflow packet length
values of 128KB or more.  I changed the field to 32 bits to fix this.

The pktcdvd driver defaulted to its maximum allowed packet length when it
detected a 0 in the track info field.  I changed this to fail the operation
and refuse to access the media.  This seems more sane than attempting to
access it with a value that almost certainly will not work.

Signed-off-by: Peter Osterlund <petero2@telia.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
---
 drivers/block/pktcdvd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'drivers/block/pktcdvd.c')

diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c
index 93affeeef7b..d95e7e1ac35 100644
--- a/drivers/block/pktcdvd.c
+++ b/drivers/block/pktcdvd.c
@@ -1639,7 +1639,7 @@ static int pkt_probe_settings(struct pktcdvd_device *pd)
 	pd->settings.size = be32_to_cpu(ti.fixed_packet_size) << 2;
 	if (pd->settings.size == 0) {
 		printk("pktcdvd: detected zero packet size!\n");
-		pd->settings.size = 128;
+		return -ENXIO;
 	}
 	if (pd->settings.size > PACKET_MAX_SECTORS) {
 		printk("pktcdvd: packet size is too big\n");
-- 
cgit v1.2.3