diff mbox

[7/9] stk-webcam: read buffer overflow

Message ID 200908062301.n76N1IE5030049@imap1.linux-foundation.org (mailing list archive)
State Accepted
Delegated to: Douglas Landgraf
Headers show

Commit Message

Andrew Morton Aug. 6, 2009, 11:01 p.m. UTC 
From: Roel Kluin <roel.kluin@gmail.com>

It tested the value of stk_sizes[i].m before checking whether i was in range.

Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Cc: Mauro Carvalho Chehab <mchehab@infradead.org>
Cc: Hans Verkuil <hverkuil@xs4all.nl>
Cc: Trent Piepho <xyzzy@speakeasy.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 drivers/media/video/stk-webcam.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff mbox

Patch

diff -puN drivers/media/video/stk-webcam.c~stk-webcam-read-buffer-overflow drivers/media/video/stk-webcam.c
--- a/drivers/media/video/stk-webcam.c~stk-webcam-read-buffer-overflow
+++ a/drivers/media/video/stk-webcam.c
@@ -1050,8 +1050,8 @@  static int stk_setup_format(struct stk_c
 		depth = 1;
 	else
 		depth = 2;
-	while (stk_sizes[i].m != dev->vsettings.mode
-			&& i < ARRAY_SIZE(stk_sizes))
+	while (i < ARRAY_SIZE(stk_sizes) &&
+			stk_sizes[i].m != dev->vsettings.mode)
 		i++;
 	if (i == ARRAY_SIZE(stk_sizes)) {
 		STK_ERROR("Something is broken in %s\n", __func__);