Hi Gerd et al.,

I think there's an off-by-one error in bttv-driver.c (bttv 0.8.37):
[..]
                if (b->index < 0 || b->index > VIDEO_MAX_FRAME)
                        return -EINVAL;
[..]
twice, once for VIDIOC_QUERYBUF and once for VIDIOC_QBUF (both in the
ioctl handler function in bttv-driver.c). It should be "b->index >=
VIDEO_MAX_FRAME" instead of "b->index > VIDEO_MAX_FRAME".

Attached is a small patch to correct that.

Ronald

-- 
-   .-.
-   /V\    | Ronald Bultje <[EMAIL PROTECTED]>
-  // \\   | Running: Linux 2.4.18-XFS and OpenBSD 3.0
- /(   )\  | http://ronald.bitfreak.net/
-  ^^-^^
--- bttv-driver-orig.c  Fri Mar 22 14:02:03 2002
+++ bttv-driver.c       Fri Mar 22 14:02:42 2002
@@ -2239,7 +2239,7 @@
 
                if ((b->type & V4L2_BUF_TYPE_field) != V4L2_BUF_TYPE_CAPTURE)
                        return -EINVAL;
-               if (b->index < 0 || b->index > VIDEO_MAX_FRAME)
+               if (b->index < 0 || b->index >= VIDEO_MAX_FRAME)
                        return -EINVAL;
                if (NULL == fh->bufs[b->index])
                        return -EINVAL;
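Review bot: The new `b->index >= VIDEO_MAX_FRAME` bound is only safe for the `fh->bufs[b->index]` test two lines below if `fh->bufs` is declared with exactly VIDEO_MAX_FRAME entries, and that declaration is not visible in this patch. Consider deriving the limit from the array itself, for example sizeof(fh->bufs)/sizeof(fh->bufs[0]), so the check cannot drift from the declaration. If `b->index` is an unsigned type, the `b->index < 0` half of the condition is dead and can be dropped; if it is signed, it has to stay.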
@@ -2254,7 +2254,7 @@
 
                if ((b->type & V4L2_BUF_TYPE_field) != V4L2_BUF_TYPE_CAPTURE)
                        return -EINVAL;
-               if (b->index < 0 || b->index > VIDEO_MAX_FRAME)
+               if (b->index < 0 || b->index >= VIDEO_MAX_FRAME)
                        return -EINVAL;
 
                down(&fh->lock);
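Review bot: The index check at the `b->index >= VIDEO_MAX_FRAME` line is a hand-made copy of the one in the previous hunk, which is how both ioctl paths carried the same `>` mistake; a small shared helper or macro for validating `b->index` would keep the two in sync. Unlike the first hunk, no `NULL == fh->bufs[b->index]` test is visible here before `down(&fh->lock)`, so please confirm that the code after the lock handles an unallocated slot.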
