update kernel to 5.10.198

hc

2024-01-03 2f7c68cb55ecb7331f2381deb497c27155f32faf

 kernel/drivers/media/usb/dvb-usb-v2/rtl28xxu.c
..
..
@@ -176,6 +176,10 @@
176
176
 			ret = -EOPNOTSUPP;
177
177
 			goto err_mutex_unlock;
178
178
 		} else if (msg[0].addr == 0x10) {
179
+			if (msg[0].len < 1 || msg[1].len < 1) {
180
+				ret = -EOPNOTSUPP;
181
+				goto err_mutex_unlock;
182
+			}
179
183
 			/* method 1 - integrated demod */
180
184
 			if (msg[0].buf[0] == 0x00) {
181
185
 				/* return demod page from driver cache */
..
..
@@ -189,6 +193,10 @@
189
193
 				ret = rtl28xxu_ctrl_msg(d, &req);
190
194
 			}
191
195
 		} else if (msg[0].len < 2) {
196
+			if (msg[0].len < 1) {
197
+				ret = -EOPNOTSUPP;
198
+				goto err_mutex_unlock;
199
+			}
192
200
 			/* method 2 - old I2C */
193
201
 			req.value = (msg[0].buf[0] << 8) | (msg[0].addr << 1);
194
202
 			req.index = CMD_I2C_RD;
..
..
@@ -217,8 +225,16 @@
217
225
 			ret = -EOPNOTSUPP;
218
226
 			goto err_mutex_unlock;
219
227
 		} else if (msg[0].addr == 0x10) {
228
+			if (msg[0].len < 1) {
229
+				ret = -EOPNOTSUPP;
230
+				goto err_mutex_unlock;
231
+			}
220
232
 			/* method 1 - integrated demod */
221
233
 			if (msg[0].buf[0] == 0x00) {
234
+				if (msg[0].len < 2) {
235
+					ret = -EOPNOTSUPP;
236
+					goto err_mutex_unlock;
237
+				}
222
238
 				/* save demod page for later demod access */
223
239
 				dev->page = msg[0].buf[1];
224
240
 				ret = 0;
..
..
@@ -231,6 +247,10 @@
231
247
 				ret = rtl28xxu_ctrl_msg(d, &req);
232
248
 			}
233
249
 		} else if ((msg[0].len < 23) && (!dev->new_i2c_write)) {
250
+			if (msg[0].len < 1) {
251
+				ret = -EOPNOTSUPP;
252
+				goto err_mutex_unlock;
253
+			}
234
254
 			/* method 2 - old I2C */
235
255
 			req.value = (msg[0].buf[0] << 8) | (msg[0].addr << 1);
236
256
 			req.index = CMD_I2C_WR;