[Trusty, Vivid, Xenial] [media] mb86a20s: apply mask to val after checking for read failure

[Luis Henriques]

From: Colin Ian King <colin.king at canonical.com>

Appling the mask 0x0f to the immediate return of the call to
mb86a20s_readreg will always result in a positive value, meaning that the
check of ret < 0 will never work.  Instead, check for a -ve return value
first, and then mask val with 0x0f.

Kudos to Mauro Carvalho Chehab for spotting the mistake in my original fix.

Signed-off-by: Colin Ian King <colin.king at canonical.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab at s-opensource.com>
(cherry picked from commit eca2d34b9d2ce70165a50510659838e28ca22742)
CVE-2016-5400
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
 drivers/media/dvb-frontends/mb86a20s.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/media/dvb-frontends/mb86a20s.c b/drivers/media/dvb-frontends/mb86a20s.c
index 2c7217fb1415..1c5dfa6ad4fe 100644
--- a/drivers/media/dvb-frontends/mb86a20s.c
+++ b/drivers/media/dvb-frontends/mb86a20s.c
@@ -305,10 +305,11 @@ static int mb86a20s_read_status(struct dvb_frontend *fe, fe_status_t *status)
 
 	*status = 0;
 
-	val = mb86a20s_readreg(state, 0x0a) & 0xf;
+	val = mb86a20s_readreg(state, 0x0a);
 	if (val < 0)
 		return val;
 
+	val &= 0xf;
 	if (val >= 2)
 		*status |= FE_HAS_SIGNAL;