From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
The check of fse->index is off-by-one and should be using >= rather
than > to check the maximum allowed array index. Fix this.
Detected by CoverityScan, CID#172122 ("Out-of-bounds read")
Fixes: aab7ed1c3927 ("media: i2c: Add driver for Aptina MT9V111")
Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
---
drivers/media/i2c/mt9v111.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/i2c/mt9v111.c b/drivers/media/i2c/mt9v111.c
index da8f6ab91307..b1d13f1d695e 100644
--- a/drivers/media/i2c/mt9v111.c
+++ b/drivers/media/i2c/mt9v111.c
@@ -848,7 +848,7 @@ static int mt9v111_enum_frame_size(struct v4l2_subdev *subdev,
struct v4l2_subdev_pad_config *cfg,
struct v4l2_subdev_frame_size_enum *fse)
{
- if (fse->pad || fse->index > ARRAY_SIZE(mt9v111_frame_sizes))
+ if (fse->pad || fse->index >= ARRAY_SIZE(mt9v111_frame_sizes))
return -EINVAL;
fse->min_width = mt9v111_frame_sizes[fse->index].width;
--
2.17.1
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
