V4L/DVB (12436): stk-webcam: read buffer overflow

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

It tested the value of stk_sizes[i].m before checking whether i was in range.

Cc: Hans Verkuil <hverkuil@xs4all.nl>
Cc: Trent Piepho <xyzzy@speakeasy.org>
Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Douglas Schilling Landgraf <dougsland@redhat.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>

authored by

Roel Kluin and committed by

Mauro Carvalho Chehab 16 years ago 77f2c2db 01a5fd6f

+2 -2

1 changed file

expand all

drivers

media

video

stk-webcam.c

+2 -2

drivers/media/video/stk-webcam.c

··· 1050 1050 depth = 1; 1051 1051 else 1052 1052 depth = 2; 1053 - while (stk_sizes[i].m != dev->vsettings.mode 1054 - && i < ARRAY_SIZE(stk_sizes)) 1053 + while (i < ARRAY_SIZE(stk_sizes) && 1054 + stk_sizes[i].m != dev->vsettings.mode) 1055 1055 i++; 1056 1056 if (i == ARRAY_SIZE(stk_sizes)) { 1057 1057 STK_ERROR("Something is broken in %s\n", __func__);