V4L/DVB (12436): stk-webcam: read buffer overflow

It tested the value of stk_sizes[i].m before checking whether i was in range.

Cc: Hans Verkuil <[email protected]>
Cc: Trent Piepho <[email protected]>
Signed-off-by: Roel Kluin <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Douglas Schilling Landgraf <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>

diff --git a/drivers/media/video/stk-webcam.c b/drivers/media/video/stk-webcam.c
index 4d6785e634556fbba9bc87a89708302907f40a0c..b154bd961e3b74472d7efccf367c8447004d0f84 100644 (file)
--- a/drivers/media/video/stk-webcam.c
+++ b/drivers/media/video/stk-webcam.c
@@ -1050,8 +1050,8 @@ static int stk_setup_format(struct stk_camera *dev)
                depth = 1;
        else
                depth = 2;
-       while (stk_sizes[i].m != dev->vsettings.mode
-                       && i < ARRAY_SIZE(stk_sizes))
+       while (i < ARRAY_SIZE(stk_sizes) &&
+                       stk_sizes[i].m != dev->vsettings.mode)
                i++;
        if (i == ARRAY_SIZE(stk_sizes)) {
                STK_ERROR("Something is broken in %s\n", __func__);