[media] coda: improve safety in coda_register_device()

The "i" variable is used as an offset into both the dev->vfd[] and the
dev->devtype->vdevs[] arrays.  The second array is smaller so we should
use that as a limit instead of ARRAY_SIZE(dev->vfd).  Also the original
check was off by one.

We should use a format string as well in case the ->name has any funny
characters and also to stop static checkers from complaining.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
This commit is contained in:
Dan Carpenter 2015-01-08 07:07:08 -03:00 committed by Mauro Carvalho Chehab
parent 35655bf854
commit 88ca3af44b

View File

@ -1844,10 +1844,11 @@ static int coda_register_device(struct coda_dev *dev, int i)
{
struct video_device *vfd = &dev->vfd[i];
if (i > ARRAY_SIZE(dev->vfd))
if (i >= dev->devtype->num_vdevs)
return -EINVAL;
snprintf(vfd->name, sizeof(vfd->name), dev->devtype->vdevs[i]->name);
snprintf(vfd->name, sizeof(vfd->name), "%s",
dev->devtype->vdevs[i]->name);
vfd->fops = &coda_fops;
vfd->ioctl_ops = &coda_ioctl_ops;
vfd->release = video_device_release_empty,