https://github.com/torvalds/linux
Revision fe6c700ff34e68e1eb7991e9c5d18986d0005ac1 authored by Ralph Loader on 23 September 2008, 00:06:48 UTC, committed by Mauro Carvalho Chehab on 05 October 2008, 02:04:32 UTC
There is a buffer overflow in drivers/media/video/uvc/uvc_ctrl.c: INFO: 0xf2c5ce08-0xf2c5ce0b. First byte 0xa1 instead of 0xcc INFO: Allocated in uvc_query_v4l2_ctrl+0x3c/0x239 [uvcvideo] age=13 cpu=1 pid=4975 ... A fixed size 8-byte buffer is allocated, and a variable size field is read into it; there is no particular bound on the size of the field (it is dependent on hardware and configuration) and it can overflow [also verified by inserting printk's.] The patch attempts to size the buffer to the correctly. Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Acked-by: Laurent Pinchart <laurent.pinchart@skynet.be> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
1 parent bda1cda
Tip revision: fe6c700ff34e68e1eb7991e9c5d18986d0005ac1 authored by Ralph Loader on 23 September 2008, 00:06:48 UTC
V4L/DVB (9053): fix buffer overflow in uvc-video
V4L/DVB (9053): fix buffer overflow in uvc-video
Tip revision: fe6c700
| File | Mode | Size |
|---|---|---|
| accessibility | ||
| acpi | ||
| amba | ||
| ata | ||
| atm | ||
| auxdisplay | ||
| base | ||
| block | ||
| bluetooth | ||
| cdrom | ||
| char | ||
| clocksource | ||
| connector | ||
| cpufreq | ||
| cpuidle | ||
| crypto | ||
| dca | ||
| dio | ||
| dma | ||
| edac | ||
| eisa | ||
| firewire | ||
| firmware | ||
| gpio | ||
| gpu | ||
| hid | ||
| hwmon | ||
| i2c | ||
| ide | ||
| ieee1394 | ||
| infiniband | ||
| input | ||
| isdn | ||
| leds | ||
| lguest | ||
| macintosh | ||
| mca | ||
| md | ||
| media | ||
| memstick | ||
| message | ||
| mfd | ||
| misc | ||
| mmc | ||
| mtd | ||
| net | ||
| nubus | ||
| of | ||
| oprofile | ||
| parisc | ||
| parport | ||
| pci | ||
| pcmcia | ||
| pnp | ||
| power | ||
| ps3 | ||
| rapidio | ||
| regulator | ||
| rtc | ||
| s390 | ||
| sbus | ||
| scsi | ||
| serial | ||
| sh | ||
| sn | ||
| spi | ||
| ssb | ||
| tc | ||
| telephony | ||
| thermal | ||
| uio | ||
| usb | ||
| video | ||
| virtio | ||
| w1 | ||
| watchdog | ||
| xen | ||
| zorro | ||
| Kconfig | -rw-r--r-- | 1.7 KB |
| Makefile | -rw-r--r-- | 2.9 KB |
Computing file changes ...
