si4713-i2c: avoid potential buffer overflow on si4713, CVE-2011-2700

[linux-flexiantxendom0-natty.git] / drivers / media / radio / si4713-i2c.c

diff --git a/drivers/media/radio/si4713-i2c.c b/drivers/media/radio/si4713-i2c.c
index 0fab6f8..924445a 100644 (file)
--- a/drivers/media/radio/si4713-i2c.c
+++ b/drivers/media/radio/si4713-i2c.c
@@ -1033,7 +1033,7 @@ static int si4713_write_econtrol_string(struct si4713_device *sdev,
                char ps_name[MAX_RDS_PS_NAME + 1];
 
                len = control->size - 1;
-               if (len > MAX_RDS_PS_NAME) {
+               if (len < 0 || len > MAX_RDS_PS_NAME) {
                        rval = -ERANGE;
                        goto exit;
                }
@@ -1057,7 +1057,7 @@ static int si4713_write_econtrol_string(struct si4713_device *sdev,
                char radio_text[MAX_RDS_RADIO_TEXT + 1];
 
                len = control->size - 1;
-               if (len > MAX_RDS_RADIO_TEXT) {
+               if (len < 0 || len > MAX_RDS_RADIO_TEXT) {
                        rval = -ERANGE;
                        goto exit;
                }