V4L/DVB (12337): ivtv: Read buffer overflow
authorRoel Kluin <roel.kluin@gmail.com>
Fri, 24 Jul 2009 00:46:57 +0000 (21:46 -0300)
committerMauro Carvalho Chehab <mchehab@redhat.com>
Thu, 13 Aug 2009 23:39:02 +0000 (20:39 -0300)
This mistakenly tests against sizeof(freqs) instead of the array size. Due to
the mask the only illegal value possible was 3.

Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Signed-off-by: Andy Walls <awalls@radix.net>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
drivers/media/video/ivtv/ivtv-controls.c

index a3b77ed3f08949a58729ea1edda921cb762d0dc7..4a9c8ce0ecb307cc07d167a0c6685bcd3583fefe 100644 (file)
@@ -17,6 +17,7 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
+#include <linux/kernel.h>
 
 #include "ivtv-driver.h"
 #include "ivtv-cards.h"
@@ -281,7 +282,7 @@ int ivtv_s_ext_ctrls(struct file *file, void *fh, struct v4l2_ext_controls *c)
                idx = p.audio_properties & 0x03;
                /* The audio clock of the digitizer must match the codec sample
                   rate otherwise you get some very strange effects. */
-               if (idx < sizeof(freqs))
+               if (idx < ARRAY_SIZE(freqs))
                        ivtv_call_all(itv, audio, s_clock_freq, freqs[idx]);
                return err;
        }