forked from Minki/linux
sisfb: read buffer overflow
If called with mode_idx = 1, rate = 68, a read occurs from sisfb_vrate[-1].refresh. Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Cc: Krzysztof Helt <krzysztof.h1@poczta.fm> Cc: Thomas Winischhofer <thomas@winischhofer.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
2f93e8f482
commit
d63870db3c
@ -698,8 +698,8 @@ sisfb_search_refresh_rate(struct sis_video_info *ivideo, unsigned int rate, int
|
||||
rate, sisfb_vrate[i].refresh);
|
||||
ivideo->rate_idx = sisfb_vrate[i].idx;
|
||||
ivideo->refresh_rate = sisfb_vrate[i].refresh;
|
||||
} else if(((rate - sisfb_vrate[i-1].refresh) <= 2)
|
||||
&& (sisfb_vrate[i].idx != 1)) {
|
||||
} else if((sisfb_vrate[i].idx != 1) &&
|
||||
((rate - sisfb_vrate[i-1].refresh) <= 2)) {
|
||||
DPRINTK("sisfb: Adjusting rate from %d down to %d\n",
|
||||
rate, sisfb_vrate[i-1].refresh);
|
||||
ivideo->rate_idx = sisfb_vrate[i-1].idx;
|
||||
|
Loading…
Reference in New Issue
Block a user