diff options
author | Roel Kluin <roel.kluin@gmail.com> | 2009-08-10 22:17:25 -0300 |
---|---|---|
committer | Mauro Carvalho Chehab <mchehab@redhat.com> | 2009-08-13 20:39:13 -0300 |
commit | 77f2c2db1146154fb054e9ce955928a66d8c959f (patch) | |
tree | 23e561f2e92ba2f6060b9240187d3be835075aaa /drivers/media/video/stk-webcam.c | |
parent | 01a5fd6ff3fbae9a599d3334a8cca0f00865e360 (diff) |
V4L/DVB (12436): stk-webcam: read buffer overflow
It tested the value of stk_sizes[i].m before checking whether i was in range.
Cc: Hans Verkuil <hverkuil@xs4all.nl>
Cc: Trent Piepho <xyzzy@speakeasy.org>
Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Douglas Schilling Landgraf <dougsland@redhat.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Diffstat (limited to 'drivers/media/video/stk-webcam.c')
-rw-r--r-- | drivers/media/video/stk-webcam.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/media/video/stk-webcam.c b/drivers/media/video/stk-webcam.c index 4d6785e6345..b154bd961e3 100644 --- a/drivers/media/video/stk-webcam.c +++ b/drivers/media/video/stk-webcam.c @@ -1050,8 +1050,8 @@ static int stk_setup_format(struct stk_camera *dev) depth = 1; else depth = 2; - while (stk_sizes[i].m != dev->vsettings.mode - && i < ARRAY_SIZE(stk_sizes)) + while (i < ARRAY_SIZE(stk_sizes) && + stk_sizes[i].m != dev->vsettings.mode) i++; if (i == ARRAY_SIZE(stk_sizes)) { STK_ERROR("Something is broken in %s\n", __func__); |