From f1f1d841250e56e65222123f52c87e33f58d2e87 Mon Sep 17 00:00:00 2001 From: Andy Walls Date: Thu, 23 Jul 2009 20:46:57 -0400 Subject: ivtv: Read buffer overflow From: Roel Kluin This mistakenly tests against sizeof(freqs) instead of the array size. Due to the mask the only illegal value possible was 3. Priority: high Signed-off-by: Roel Kluin Signed-off-by: Andy Walls --- linux/drivers/media/video/ivtv/ivtv-controls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'linux/drivers/media') diff --git a/linux/drivers/media/video/ivtv/ivtv-controls.c b/linux/drivers/media/video/ivtv/ivtv-controls.c index a3b77ed3f..4a9c8ce0e 100644 --- a/linux/drivers/media/video/ivtv/ivtv-controls.c +++ b/linux/drivers/media/video/ivtv/ivtv-controls.c @@ -17,6 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#include #include "ivtv-driver.h" #include "ivtv-cards.h" @@ -281,7 +282,7 @@ int ivtv_s_ext_ctrls(struct file *file, void *fh, struct v4l2_ext_controls *c) idx = p.audio_properties & 0x03; /* The audio clock of the digitizer must match the codec sample rate otherwise you get some very strange effects. */ - if (idx < sizeof(freqs)) + if (idx < ARRAY_SIZE(freqs)) ivtv_call_all(itv, audio, s_clock_freq, freqs[idx]); return err; } -- cgit v1.2.3
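Review bot: In the second hunk, inside ivtv_s_ext_ctrls, the corrected guard `if (idx < ARRAY_SIZE(freqs))` silently skips `s_clock_freq` when `idx` is 3, and the function still returns `err` unchanged. A reserved sampling-frequency value can therefore leave the digitizer clock out of step with the codec sample rate, which is the condition the comment above the check warns about. Whether that value is rejected earlier cannot be seen here, because the function body starts outside the hunk. If it can reach this point, make the skip visible, for example with `else IVTV_DEBUG_WARN("reserved audio sampling frequency, clock unchanged\n");`. At minimum, add a comment on the guard such as `/* idx 3 is reserved: freqs[] has no entry, so the clock is left as is */`.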