diff options
| author | Dan Carpenter <error27@gmail.com> | 2010-01-03 12:39:27 +0100 |
|---|---|---|
| committer | Jaroslav Kysela <perex@perex.cz> | 2010-01-08 09:17:51 +0100 |
| commit | 444c1953d496d272208902ff7010dc70d1f887f0 (patch) | |
| tree | 40aa1e10f108818b3b7d12384229c0501aeb5a12 /sound/oss/soundcard.c | |
| parent | 440b004cf953bec2bc8cd91c64ae707fd7e25327 (diff) | |
| download | linux-stable-444c1953d496d272208902ff7010dc70d1f887f0.tar.gz linux-stable-444c1953d496d272208902ff7010dc70d1f887f0.tar.bz2 linux-stable-444c1953d496d272208902ff7010dc70d1f887f0.zip | |
sound: oss: off by one bug
The problem is that in the original code sound_nblocks could go up to 1024
which would be an array overflow.
This was found with a static checker and has been compile tested only.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
Diffstat (limited to 'sound/oss/soundcard.c')
| -rw-r--r-- | sound/oss/soundcard.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sound/oss/soundcard.c b/sound/oss/soundcard.c index 61aaedae6b7e..c62530943888 100644 --- a/sound/oss/soundcard.c +++ b/sound/oss/soundcard.c @@ -56,7 +56,7 @@ /* * Table for permanently allocated memory (used when unloading the module) */ -void * sound_mem_blocks[1024]; +void * sound_mem_blocks[MAX_MEM_BLOCKS]; int sound_nblocks = 0; /* Persistent DMA buffers */ @@ -574,7 +574,7 @@ static int __init oss_init(void) NULL, "%s%d", dev_list[i].name, j); } - if (sound_nblocks >= 1024) + if (sound_nblocks >= MAX_MEM_BLOCKS - 1) printk(KERN_ERR "Sound warning: Deallocation table was too small.\n"); return 0; |