From: Roel Kluin <roel.kl...@gmail.com>
It tested the value of stk_sizes[i].m before checking whether i was in range.
Signed-off-by: Roel Kluin <roel.kl...@gmail.com>
Cc: Mauro Carvalho Chehab <mche...@infradead.org>
Cc: Hans Verkuil <hverk...@xs4all.nl>
Cc: Trent Piepho <xy...@speakeasy.org>
Signed-off-by: Andrew Morton <a...@linux-foundation.org>
---
drivers/media/video/stk-webcam.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff -puN drivers/media/video/stk-webcam.c~stk-webcam-read-buffer-overflow
drivers/media/video/stk-webcam.c
--- a/drivers/media/video/stk-webcam.c~stk-webcam-read-buffer-overflow
+++ a/drivers/media/video/stk-webcam.c
@@ -1050,8 +1050,8 @@ static int stk_setup_format(struct stk_c
depth = 1;
else
depth = 2;
- while (stk_sizes[i].m != dev->vsettings.mode
- && i < ARRAY_SIZE(stk_sizes))
+ while (i < ARRAY_SIZE(stk_sizes) &&
+ stk_sizes[i].m != dev->vsettings.mode)
i++;
if (i == ARRAY_SIZE(stk_sizes)) {
STK_ERROR("Something is broken in %s\n", __func__);
_
--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
