mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity

V4L/DVB (12436): stk-webcam: read buffer overflow 

It tested the value of stk_sizes[i].m before checking whether i was in range.

Cc: Hans Verkuil <hverkuil@xs4all.nl>
Cc: Trent Piepho <xyzzy@speakeasy.org>
Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Douglas Schilling Landgraf <dougsland@redhat.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
This commit is contained in:
Roel Kluin 2009-08-10 22:17:25 -03:00 committed by Mauro Carvalho Chehab
parent 01a5fd6ff3
commit 77f2c2db11
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
drivers/media/video/stk-webcam.c
View File

@ -1050,8 +1050,8 @@ static int stk_setup_format(struct stk_camera *dev)
depth = 1;
else
depth = 2;
while (stk_sizes[i].m != dev->vsettings.mode
&& i < ARRAY_SIZE(stk_sizes))
while (i < ARRAY_SIZE(stk_sizes) &&
stk_sizes[i].m != dev->vsettings.mode)
i++;
if (i == ARRAY_SIZE(stk_sizes)) {
STK_ERROR("Something is broken in %s\n", __func__);