|
@@ -4631,8 +4631,16 @@ static void sd_pkt_scan(struct gspca_dev *gspca_dev,
|
|
|
}
|
|
}
|
|
|
data++;
|
|
data++;
|
|
|
len--;
|
|
len--;
|
|
|
|
|
+ if (len < 2) {
|
|
|
|
|
+ gspca_dev->last_packet_type = DISCARD_PACKET;
|
|
|
|
|
+ return;
|
|
|
|
|
+ }
|
|
|
if (*data == 0xff && data[1] == 0xd8) {
|
|
if (*data == 0xff && data[1] == 0xd8) {
|
|
|
/*fixme: there may be information in the 4 high bits*/
|
|
/*fixme: there may be information in the 4 high bits*/
|
|
|
|
|
+ if (len < 7) {
|
|
|
|
|
+ gspca_dev->last_packet_type = DISCARD_PACKET;
|
|
|
|
|
+ return;
|
|
|
|
|
+ }
|
|
|
if ((data[6] & 0x0f) != sd->quality)
|
|
if ((data[6] & 0x0f) != sd->quality)
|
|
|
set_dqt(gspca_dev, data[6] & 0x0f);
|
|
set_dqt(gspca_dev, data[6] & 0x0f);
|
|
|
gspca_frame_add(gspca_dev, FIRST_PACKET,
|
|
gspca_frame_add(gspca_dev, FIRST_PACKET,
|
|
@@ -4672,7 +4680,7 @@ static void sd_pkt_scan(struct gspca_dev *gspca_dev,
|
|
|
gspca_dev->last_packet_type = DISCARD_PACKET;
|
|
gspca_dev->last_packet_type = DISCARD_PACKET;
|
|
|
break;
|
|
break;
|
|
|
case 0xcc:
|
|
case 0xcc:
|
|
|
- if (data[1] != 0xff || data[2] != 0xd8)
|
|
|
|
|
|
|
+ if (len >= 3 && (data[1] != 0xff || data[2] != 0xd8))
|
|
|
gspca_frame_add(gspca_dev, INTER_PACKET,
|
|
gspca_frame_add(gspca_dev, INTER_PACKET,
|
|
|
data + 1, len - 1);
|
|
data + 1, len - 1);
|
|
|
else
|
|
else
|
Hans de Goede