Commit 77f2c2db authored by Roel Kluin's avatar Roel Kluin Committed by Mauro Carvalho Chehab

V4L/DVB (12436): stk-webcam: read buffer overflow

It tested the value of stk_sizes[i].m before checking whether i was in range.

Cc: Hans Verkuil <hverkuil@xs4all.nl>
Cc: Trent Piepho <xyzzy@speakeasy.org>
Signed-off-by: default avatarRoel Kluin <roel.kluin@gmail.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarDouglas Schilling Landgraf <dougsland@redhat.com>
Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@redhat.com>
parent 01a5fd6f
...@@ -1050,8 +1050,8 @@ static int stk_setup_format(struct stk_camera *dev) ...@@ -1050,8 +1050,8 @@ static int stk_setup_format(struct stk_camera *dev)
depth = 1; depth = 1;
else else
depth = 2; depth = 2;
while (stk_sizes[i].m != dev->vsettings.mode while (i < ARRAY_SIZE(stk_sizes) &&
&& i < ARRAY_SIZE(stk_sizes)) stk_sizes[i].m != dev->vsettings.mode)
i++; i++;
if (i == ARRAY_SIZE(stk_sizes)) { if (i == ARRAY_SIZE(stk_sizes)) {
STK_ERROR("Something is broken in %s\n", __func__); STK_ERROR("Something is broken in %s\n", __func__);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment