V4L/DVB (12436): stk-webcam: read buffer overflow

It tested the value of stk_sizes[i].m before checking whether i was in range. Cc: Hans Verkuil <hverkuil@xs4all.nl> Cc: Trent Piepho <xyzzy@speakeasy.org> Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Douglas Schilling Landgraf <dougsland@redhat.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>

V4L/DVB (12436): stk-webcam: read buffer overflow
It tested the value of stk_sizes[i].m before checking whether i was in range. Cc: Hans Verkuil <hverkuil@xs4all.nl> Cc: Trent Piepho <xyzzy@speakeasy.org> Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Douglas Schilling Landgraf <dougsland@redhat.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
77f2c2db · Roel Kluin · Mauro Carvalho Chehab · 01a5fd6f · 77f2c2db
Commit 77f2c2db authored Aug 10, 2009 by Roel Kluin Committed by Mauro Carvalho Chehab Aug 13, 2009
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

drivers/media/video/stk-webcam.c drivers/media/video/stk-webcam.c +2 -2

No files found.
--- a/drivers/media/video/stk-webcam.c
+++ b/drivers/media/video/stk-webcam.c
@@ -1050,8 +1050,8 @@ static int stk_setup_format(struct stk_camera *dev)
 		depth = 1;
 	else
 		depth = 2;
-	while (stk_sizes[i].m != dev->vsettings.mode
-			&& i < ARRAY_SIZE(stk_sizes))
+	while (i < ARRAY_SIZE(stk_sizes) &&
+			stk_sizes[i].m != dev->vsettings.mode)
 		i++;
 	if (i == ARRAY_SIZE(stk_sizes)) {
 		STK_ERROR("Something is broken in %s\n", __func__);