From 12e9c636dfb4fbaf229e884afa8febaecd79b475 Mon Sep 17 00:00:00 2001
From: Jeff Hartmann <jhartmann@valinux.com>
Date: Mon, 18 Jun 2001 19:25:15 +0000
Subject: Fix 5 security bugs found by the Stanford tools

---
 linux/mga_state.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'linux/mga_state.c')

diff --git a/linux/mga_state.c b/linux/mga_state.c
index 99778c58..41b2e9a1 100644
--- a/linux/mga_state.c
+++ b/linux/mga_state.c
@@ -943,6 +943,7 @@ int mga_dma_vertex( struct inode *inode, struct file *filp,
 			     sizeof(vertex) ) )
 		return -EFAULT;
 
+        if(vertex.idx < 0 || vertex.idx > dma->buf_count) return -EINVAL;
 	buf = dma->buflist[vertex.idx];
 	buf_priv = buf->dev_private;
 
@@ -984,6 +985,8 @@ int mga_dma_indices( struct inode *inode, struct file *filp,
 			     sizeof(indices) ) )
 		return -EFAULT;
 
+        if(indices.idx < 0 || indices.idx > dma->buf_count) return -EINVAL;
+
 	buf = dma->buflist[indices.idx];
 	buf_priv = buf->dev_private;
 
@@ -1030,6 +1033,7 @@ int mga_dma_iload( struct inode *inode, struct file *filp,
 		return -EBUSY;
 	}
 #endif
+        if(iload.idx < 0 || iload.idx > dma->buf_count) return -EINVAL;
 
 	buf = dma->buflist[iload.idx];
 	buf_priv = buf->dev_private;
-- 
cgit v1.2.3