Skip to main content

Browse the archive

https://github.com/torvalds/linux
05 April 2024, 19:05:47 UTC
Revision fe6c700ff34e68e1eb7991e9c5d18986d0005ac1 authored by Ralph Loader on 23 September 2008, 00:06:48 UTC, committed by Mauro Carvalho Chehab on 05 October 2008, 02:04:32 UTC 
V4L/DVB (9053): fix buffer overflow in uvc-video
 
There is a buffer overflow in drivers/media/video/uvc/uvc_ctrl.c:

INFO: 0xf2c5ce08-0xf2c5ce0b. First byte 0xa1 instead of 0xcc
INFO: Allocated in uvc_query_v4l2_ctrl+0x3c/0x239 [uvcvideo] age=13 cpu=1 pid=4975
...

A fixed size 8-byte buffer is allocated, and a variable size field is read
into it; there is no particular bound on the size of the field (it is
dependent on hardware and configuration) and it can overflow [also
verified by inserting printk's.]

The patch attempts to size the buffer to the correctly.

Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Laurent Pinchart <laurent.pinchart@skynet.be>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
1 parent bda1cda
History
Tip revision: fe6c700ff34e68e1eb7991e9c5d18986d0005ac1 authored by Ralph Loader on 23 September 2008, 00:06:48 UTC
V4L/DVB (9053): fix buffer overflow in uvc-video
Tip revision: fe6c700
File Mode Size
Documentation
arch
block
crypto
drivers
firmware
fs
include
init
ipc
kernel
lib
mm
net
samples
scripts
security
sound
usr
virt
.gitignore -rw-r--r-- 867 bytes
.mailmap -rw-r--r-- 3.6 KB
COPYING -rw-r--r-- 18.3 KB
CREDITS -rw-r--r-- 90.7 KB
Kbuild -rw-r--r-- 2.4 KB
MAINTAINERS -rw-r--r-- 99.8 KB
Makefile -rw-r--r-- 55.4 KB
README -rw-r--r-- 16.5 KB
REPORTING-BUGS -rw-r--r-- 3.1 KB

README

back to top