V4L/DVB (12338): cx18: Read buffer overflow

This mistakenly tested against sizeof(freqs) instead of the array size. Due to the mask the only illegal value possible was 3. Reported-by: Roel Kluin <roel.kluin@gmail.com> Signed-off-by: Andy Walls <awalls@radix.net> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>

V4L/DVB (12338): cx18: Read buffer overflow
This mistakenly tested against sizeof(freqs) instead of the array size. Due to the mask the only illegal value possible was 3. Reported-by: Roel Kluin <roel.kluin@gmail.com> Signed-off-by: Andy Walls <awalls@radix.net> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
225aeb1c · Andy Walls · Mauro Carvalho Chehab · ed18d0c8 · 225aeb1c
Commit 225aeb1c authored Jul 23, 2009 by Andy Walls Committed by Mauro Carvalho Chehab Aug 13, 2009
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

drivers/media/video/cx18/cx18-controls.c drivers/media/video/cx18/cx18-controls.c +2 -1

No files found.
--- a/drivers/media/video/cx18/cx18-controls.c
+++ b/drivers/media/video/cx18/cx18-controls.c
@@ -20,6 +20,7 @@
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
 *  02111-1307  USA
 */
+#include <linux/kernel.h>

 #include "cx18-driver.h"
 #include "cx18-cards.h"
@@ -317,7 +318,7 @@ int cx18_s_ext_ctrls(struct file *file, void *fh, struct v4l2_ext_controls *c)
 		idx = p.audio_properties & 0x03;
 		/* The audio clock of the digitizer must match the codec sample
 		   rate otherwise you get some very strange effects. */
-		if (idx < sizeof(freqs))
+		if (idx < ARRAY_SIZE(freqs))
 			cx18_call_all(cx, audio, s_clock_freq, freqs[idx]);
 		return err;
 	}