Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ed18d0c8 authored by Roel Kluin's avatar Roel Kluin Committed by Mauro Carvalho Chehab
Browse files

V4L/DVB (12337): ivtv: Read buffer overflow 



This mistakenly tests against sizeof(freqs) instead of the array size. Due to
the mask the only illegal value possible was 3.

Signed-off-by: default avatarRoel Kluin <roel.kluin@gmail.com>
Signed-off-by: default avatarAndy Walls <awalls@radix.net>
Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@redhat.com>
parent 5b766182

drivers/media/video/ivtv/ivtv-controls.c

+2 −1
Original line number Diff line number Diff line
@@ -17,6 +17,7 @@ 
    along with this program; if not, write to the Free Software

    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

 */

#include <linux/kernel.h>



#include "ivtv-driver.h"

#include "ivtv-cards.h"
@@ -281,7 +282,7 @@ int ivtv_s_ext_ctrls(struct file *file, void *fh, struct v4l2_ext_controls *c) 
		idx = p.audio_properties & 0x03;

		/* The audio clock of the digitizer must match the codec sample

		   rate otherwise you get some very strange effects. */

		if (idx < sizeof(freqs))

		if (idx < ARRAY_SIZE(freqs))

			ivtv_call_all(itv, audio, s_clock_freq, freqs[idx]);

		return err;

	}