From patchwork Thu Aug 6 23:01:18 2009 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Morton X-Patchwork-Id: 1943 Return-path: Envelope-to: mchehab@infradead.org Delivery-date: Thu, 06 Aug 2009 23:01:32 +0000 Received: from bombadil.infradead.org [18.85.46.34] by pedra.chehab.org with IMAP (fetchmail-6.3.6) for (single-drop); Fri, 07 Aug 2009 10:43:24 -0300 (BRT) Received: from vger.kernel.org ([209.132.176.167]) by bombadil.infradead.org with esmtp (Exim 4.69 #1 (Red Hat Linux)) id 1MZBxk-0006ch-HU; Thu, 06 Aug 2009 23:01:32 +0000 Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756790AbZHFXB2 (ORCPT + 1 other); Thu, 6 Aug 2009 19:01:28 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1756787AbZHFXB2 (ORCPT ); Thu, 6 Aug 2009 19:01:28 -0400 Received: from smtp1.linux-foundation.org ([140.211.169.13]:45018 "EHLO smtp1.linux-foundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756790AbZHFXB1 (ORCPT ); Thu, 6 Aug 2009 19:01:27 -0400 Received: from imap1.linux-foundation.org (imap1.linux-foundation.org [140.211.169.55]) by smtp1.linux-foundation.org (8.14.2/8.13.5/Debian-3ubuntu1.1) with ESMTP id n76N1Jd6016174 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 6 Aug 2009 16:01:20 -0700 Received: from localhost.localdomain (localhost [127.0.0.1]) by imap1.linux-foundation.org (8.13.5.20060308/8.13.5/Debian-3ubuntu1.1) with ESMTP id n76N1IE5030049; Thu, 6 Aug 2009 16:01:18 -0700 Message-Id: <200908062301.n76N1IE5030049@imap1.linux-foundation.org> Subject: [patch 7/9] stk-webcam: read buffer overflow To: mchehab@infradead.org Cc: linux-media@vger.kernel.org, akpm@linux-foundation.org, roel.kluin@gmail.com, hverkuil@xs4all.nl, xyzzy@speakeasy.org From: akpm@linux-foundation.org Date: Thu, 06 Aug 2009 16:01:18 -0700 X-Spam-Status: No, hits=-3.511 required=5 tests=AWL, BAYES_00, OSDL_HEADER_SUBJECT_BRACKETED X-Spam-Checker-Version: SpamAssassin 3.2.4-osdl_revision__1.47__ X-MIMEDefang-Filter: lf$Revision: 1.188 $ X-Scanned-By: MIMEDefang 2.63 on 140.211.169.13 Sender: linux-media-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org From: Roel Kluin It tested the value of stk_sizes[i].m before checking whether i was in range. Signed-off-by: Roel Kluin Cc: Mauro Carvalho Chehab Cc: Hans Verkuil Cc: Trent Piepho Signed-off-by: Andrew Morton --- drivers/media/video/stk-webcam.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff -puN drivers/media/video/stk-webcam.c~stk-webcam-read-buffer-overflow drivers/media/video/stk-webcam.c --- a/drivers/media/video/stk-webcam.c~stk-webcam-read-buffer-overflow +++ a/drivers/media/video/stk-webcam.c @@ -1050,8 +1050,8 @@ static int stk_setup_format(struct stk_c depth = 1; else depth = 2; - while (stk_sizes[i].m != dev->vsettings.mode - && i < ARRAY_SIZE(stk_sizes)) + while (i < ARRAY_SIZE(stk_sizes) && + stk_sizes[i].m != dev->vsettings.mode) i++; if (i == ARRAY_SIZE(stk_sizes)) { STK_ERROR("Something is broken in %s\n", __func__);