Commit 2132deff authored by Dan Carpenter's avatar Dan Carpenter Committed by Mauro Carvalho Chehab

V4L/DVB: omap24xxcam: potential buffer overflow

The previous loop goes until last == VIDEO_MAX_FRAME, so this could
potentially go one past the end of the loop.
Signed-off-by: default avatarDan Carpenter <error27@gmail.com>
Acked-by: default avatarSakari Ailus <sakari.ailus@maxwell.research.nokia.com>
Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@redhat.com>
parent 722154e4
...@@ -1405,7 +1405,7 @@ static int omap24xxcam_mmap_buffers(struct file *file, ...@@ -1405,7 +1405,7 @@ static int omap24xxcam_mmap_buffers(struct file *file,
} }
size = 0; size = 0;
for (i = first; i <= last; i++) { for (i = first; i <= last && i < VIDEO_MAX_FRAME; i++) {
struct videobuf_dmabuf *dma = videobuf_to_dma(vbq->bufs[i]); struct videobuf_dmabuf *dma = videobuf_to_dma(vbq->bufs[i]);
for (j = 0; j < dma->sglen; j++) { for (j = 0; j < dma->sglen; j++) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment