summaryrefslogtreecommitdiffstats
path: root/sound/oss/soundcard.c
diff options
context:
space:
mode:
authorDan Carpenter <error27@gmail.com>2010-01-03 12:39:27 +0100
committerJaroslav Kysela <perex@perex.cz>2010-01-08 09:17:51 +0100
commit444c1953d496d272208902ff7010dc70d1f887f0 (patch)
tree40aa1e10f108818b3b7d12384229c0501aeb5a12 /sound/oss/soundcard.c
parent440b004cf953bec2bc8cd91c64ae707fd7e25327 (diff)
downloadlinux-stable-444c1953d496d272208902ff7010dc70d1f887f0.tar.gz
linux-stable-444c1953d496d272208902ff7010dc70d1f887f0.tar.bz2
linux-stable-444c1953d496d272208902ff7010dc70d1f887f0.zip
sound: oss: off by one bug
The problem is that in the original code sound_nblocks could go up to 1024 which would be an array overflow. This was found with a static checker and has been compile tested only. Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Jaroslav Kysela <perex@perex.cz>
Diffstat (limited to 'sound/oss/soundcard.c')
-rw-r--r--sound/oss/soundcard.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/sound/oss/soundcard.c b/sound/oss/soundcard.c
index 61aaedae6b7e..c62530943888 100644
--- a/sound/oss/soundcard.c
+++ b/sound/oss/soundcard.c
@@ -56,7 +56,7 @@
/*
* Table for permanently allocated memory (used when unloading the module)
*/
-void * sound_mem_blocks[1024];
+void * sound_mem_blocks[MAX_MEM_BLOCKS];
int sound_nblocks = 0;
/* Persistent DMA buffers */
@@ -574,7 +574,7 @@ static int __init oss_init(void)
NULL, "%s%d", dev_list[i].name, j);
}
- if (sound_nblocks >= 1024)
+ if (sound_nblocks >= MAX_MEM_BLOCKS - 1)
printk(KERN_ERR "Sound warning: Deallocation table was too small.\n");
return 0;