Revision - 47810b4 - [media] si2168: Bounds check firmware - origin: https://github.com/torvalds/linux

visit type:

https://github.com/torvalds/linux

05 April 2024, 19:05:47 UTC

Revision 47810b4341ac9d2f558894bc5995e6fa2a1298f9 authored by Laura Abbott on 30 September 2015, 00:10:09 UTC, committed by Mauro Carvalho Chehab on 22 October 2015, 17:48:25 UTC

[media] si2168: Bounds check firmware

When reading the firmware and sending commands, the length must
be bounds checked to avoid overrunning the size of the command
buffer and smashing the stack if the firmware is not in the expected
format:

si2168 11-0064: found a 'Silicon Labs Si2168-B40'
si2168 11-0064: downloading firmware from file 'dvb-demod-si2168-b40-01.fw'
si2168 11-0064: firmware download failed -95
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffffa085708f

Add the proper check.

Cc: stable@kernel.org
Reported-by: Stuart Auchterlonie <sauchter@redhat.com>
Reviewed-by: Antti Palosaari <crope@iki.fi>
Signed-off-by: Laura Abbott <labbott@fedoraproject.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>

1 parent a828d72

Files
Changes

Permalinks

Tip revision: 47810b4341ac9d2f558894bc5995e6fa2a1298f9 authored by Laura Abbott on 30 September 2015, 00:10:09 UTC
[media] si2168: Bounds check firmware

Tip revision: 47810b4

Kconfig.debug

menu "Kernel hacking"

config PROFILING
	bool "Kernel profiling support"

config SYSTEM_PROFILER
	bool "System profiling support"

source "lib/Kconfig.debug"

config ETRAX_KGDB
	bool "Use kernel GDB debugger"
	depends on DEBUG_KERNEL
	---help---
	  The CRIS version of gdb can be used to remotely debug a running
	  Linux kernel via the serial debug port.  Provided you have gdb-cris
	  installed, run gdb-cris vmlinux, then type

	  (gdb) set remotebaud 115200           <- kgdb uses 115200 as default
	  (gdb) target remote /dev/ttyS0        <- maybe you use another port

	  This should connect you to your booted kernel (or boot it now if you
	  didn't before).  The kernel halts when it boots, waiting for gdb if
	  this option is turned on!


config DEBUG_NMI_OOPS
	bool "NMI causes oops printout"
	depends on DEBUG_KERNEL
	help
	  If the system locks up without any debug information you can say Y
	  here to make it possible to dump an OOPS with an external NMI.

config NO_SEGFAULT_TERMINATION
	bool "Keep segfaulting processes"
	help
	  Place segfaulting user mode processes on a wait queue instead of
	  delivering a terminating SIGSEGV to allow debugging with gdb.

endmenu

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...