From: Sylwester Nawrocki Date: Wed, 5 Dec 2012 16:40:04 +0000 (-0300) Subject: [media] s5p-fimc: Prevent potential buffer overflow X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=a8697ec8c7f3ab7331bc3210c3b89563356f8de5;p=openwrt%2Fstaging%2Fblogic.git [media] s5p-fimc: Prevent potential buffer overflow Replace the hard coded csi_sensors[] array size with a relevant constant to make sure we don't iterate beyond the actual array. Signed-off-by: Sylwester Nawrocki Signed-off-by: Kyungmin Park Signed-off-by: Mauro Carvalho Chehab --- diff --git a/drivers/media/platform/s5p-fimc/fimc-mdevice.c b/drivers/media/platform/s5p-fimc/fimc-mdevice.c index 8b43f982c12d..e77dba7a97b8 100644 --- a/drivers/media/platform/s5p-fimc/fimc-mdevice.c +++ b/drivers/media/platform/s5p-fimc/fimc-mdevice.c @@ -627,7 +627,7 @@ static int __fimc_md_create_flite_source_links(struct fimc_md *fmd) */ static int fimc_md_create_links(struct fimc_md *fmd) { - struct v4l2_subdev *csi_sensors[2] = { NULL }; + struct v4l2_subdev *csi_sensors[CSIS_MAX_ENTITIES] = { NULL }; struct v4l2_subdev *sensor, *csis; struct s5p_fimc_isp_info *pdata; struct fimc_sensor_info *s_info; @@ -692,7 +692,7 @@ static int fimc_md_create_links(struct fimc_md *fmd) pad, link_mask); } - for (i = 0; i < ARRAY_SIZE(fmd->csis); i++) { + for (i = 0; i < CSIS_MAX_ENTITIES; i++) { if (fmd->csis[i].sd == NULL) continue; source = &fmd->csis[i].sd->entity;