From 2132deff694765bc2e6c7ac84c6b30dab0775256 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Wed, 10 Mar 2010 07:57:03 -0300 Subject: V4L/DVB: omap24xxcam: potential buffer overflow The previous loop goes until last == VIDEO_MAX_FRAME, so this could potentially go one past the end of the loop. Signed-off-by: Dan Carpenter Acked-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab --- drivers/media/video/omap24xxcam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/video/omap24xxcam.c b/drivers/media/video/omap24xxcam.c index b189fe63394b..ce76d952e161 100644 --- a/drivers/media/video/omap24xxcam.c +++ b/drivers/media/video/omap24xxcam.c @@ -1405,7 +1405,7 @@ static int omap24xxcam_mmap_buffers(struct file *file, } size = 0; - for (i = first; i <= last; i++) { + for (i = first; i <= last && i < VIDEO_MAX_FRAME; i++) { struct videobuf_dmabuf *dma = videobuf_to_dma(vbq->bufs[i]); for (j = 0; j < dma->sglen; j++) { -- cgit v1.2.2