From 174e60adf4bfb849672b3b2afdd3cfd6e65d1d3d Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Fri, 23 Aug 2013 05:33:06 -0300 Subject: [PATCH] [media] s5k6aa: off by one in s5k6aa_enum_frame_interval() The check is off by one so we could read one space past the end of the array. Signed-off-by: Dan Carpenter Acked-by: Laurent Pinchart Signed-off-by: Sylwester Nawrocki Signed-off-by: Mauro Carvalho Chehab --- drivers/media/i2c/s5k6aa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/i2c/s5k6aa.c b/drivers/media/i2c/s5k6aa.c index 789c02a6ca1a..629a5cdadd3a 100644 --- a/drivers/media/i2c/s5k6aa.c +++ b/drivers/media/i2c/s5k6aa.c @@ -1003,7 +1003,7 @@ static int s5k6aa_enum_frame_interval(struct v4l2_subdev *sd, const struct s5k6aa_interval *fi; int ret = 0; - if (fie->index > ARRAY_SIZE(s5k6aa_intervals)) + if (fie->index >= ARRAY_SIZE(s5k6aa_intervals)) return -EINVAL; v4l_bound_align_image(&fie->width, S5K6AA_WIN_WIDTH_MIN, -- 2.20.1