commit 37238699073e7e93f05517e529661151173cd458 · tjh.dev/kernel

+11

drivers/media/dvb-core/dvb_vb2.c

··· 354 354 355 355 int dvb_vb2_querybuf(struct dvb_vb2_ctx *ctx, struct dmx_buffer *b) 356 356 { 357 + struct vb2_queue *q = &ctx->vb_q; 358 + 359 + if (b->index >= q->num_buffers) { 360 + dprintk(1, "[%s] buffer index out of range\n", ctx->name); 361 + return -EINVAL; 362 + } 357 363 vb2_core_querybuf(&ctx->vb_q, b->index, b); 358 364 dprintk(3, "[%s] index=%d\n", ctx->name, b->index); 359 365 return 0; ··· 384 378 385 379 int dvb_vb2_qbuf(struct dvb_vb2_ctx *ctx, struct dmx_buffer *b) 386 380 { 381 + struct vb2_queue *q = &ctx->vb_q; 387 382 int ret; 388 383 384 + if (b->index >= q->num_buffers) { 385 + dprintk(1, "[%s] buffer index out of range\n", ctx->name); 386 + return -EINVAL; 387 + } 389 388 ret = vb2_core_qbuf(&ctx->vb_q, b->index, b, NULL); 390 389 if (ret) { 391 390 dprintk(1, "[%s] index=%d errno=%d\n", ctx->name,