Commit a8697ec8 authored by Sylwester Nawrocki's avatar Sylwester Nawrocki Committed by Mauro Carvalho Chehab
Browse files

[media] s5p-fimc: Prevent potential buffer overflow 



Replace the hard coded csi_sensors[] array size with a relevant
constant to make sure we don't iterate beyond the actual array.

Signed-off-by: default avatarSylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: default avatarKyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@redhat.com>
parent 6612545f

drivers/media/platform/s5p-fimc/fimc-mdevice.c

+2 −2
Original line number Diff line number Diff line
@@ -627,7 +627,7 @@ static int __fimc_md_create_flite_source_links(struct fimc_md *fmd) 
 */

static int fimc_md_create_links(struct fimc_md *fmd)

{

	struct v4l2_subdev *csi_sensors[2] = { NULL };

	struct v4l2_subdev *csi_sensors[CSIS_MAX_ENTITIES] = { NULL };

	struct v4l2_subdev *sensor, *csis;

	struct s5p_fimc_isp_info *pdata;

	struct fimc_sensor_info *s_info;
@@ -692,7 +692,7 @@ static int fimc_md_create_links(struct fimc_md *fmd) 
						       pad, link_mask);

	}



	for (i = 0; i < ARRAY_SIZE(fmd->csis); i++) {

	for (i = 0; i < CSIS_MAX_ENTITIES; i++) {

		if (fmd->csis[i].sd == NULL)

			continue;

		source = &fmd->csis[i].sd->entity;

CRA Git | Maintained and supported by SUSTech CRA and CCSE