From patchwork Wed Mar 10 10:57:03 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Carpenter X-Patchwork-Id: 84530 Date: Wed, 10 Mar 2010 13:57:03 +0300
From: Dan Carpenter To: linux-media@vger.kernel.org Cc: Mauro Carvalho Chehab , Laurent Pinchart , Greg Kroah-Hartman , Trent Piepho , Hans Verkuil , kernel-janitors@vger.kernel.org, sakari.ailus@nokia.com Subject: [patch] omap24xxcam: potential buffer overflow Message-ID: <20100310105703.GD6321@bicker> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.18 (2008-05-17) Sender: linux-media-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.3 (demeter.kernel.org [140.211.167.41]); Wed, 10 Mar 2010 10:57:24 +0000 (UTC) diff --git a/drivers/media/video/omap24xxcam.c b/drivers/media/video/omap24xxcam.c index 142c327..bedbee9 100644 --- a/drivers/media/video/omap24xxcam.c +++ b/drivers/media/video/omap24xxcam.c @@ -1404,7 +1404,7 @@ static int omap24xxcam_mmap_buffers(struct file *file, } size = 0; - for (i = first; i <= last; i++) { + for (i = first; i <= last && i < VIDEO_MAX_FRAME; i++) { struct videobuf_dmabuf *dma = videobuf_to_dma(vbq->bufs[i]); for (j = 0; j < dma->sglen; j++) {
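Review bot: The added `i < VIDEO_MAX_FRAME` term in the loop condition of omap24xxcam_mmap_buffers() stops the out-of-range index into `vbq->bufs[i]`, but it does so by silently truncating the walk. If `last` can be VIDEO_MAX_FRAME or larger here, `size` is summed over fewer buffers than `first..last` implies and the function carries on with that partial total instead of reporting a problem. Consider validating `last` once before the loop and returning an error such as -EINVAL when it is out of range, or fixing the code above this hunk (not visible here) that computes `first` and `last` so that `last` cannot exceed VIDEO_MAX_FRAME - 1, which would make the extra loop condition unnecessary. The check also relies on `vbq->bufs` having exactly VIDEO_MAX_FRAME entries; a short comment saying so would help. Finally, the mail as shown has no changelog text and no Signed-off-by line: please describe how `last` can reach VIDEO_MAX_FRAME (for example, whether this came from a static checker or an observed failure) so reviewers can judge whether clamping or rejecting is the right behaviour.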