fe6c700ff3
There is a buffer overflow in drivers/media/video/uvc/uvc_ctrl.c: INFO: 0xf2c5ce08-0xf2c5ce0b. First byte 0xa1 instead of 0xcc INFO: Allocated in uvc_query_v4l2_ctrl+0x3c/0x239 [uvcvideo] age=13 cpu=1 pid=4975 ... A fixed size 8-byte buffer is allocated, and a variable size field is read into it; there is no particular bound on the size of the field (it is dependent on hardware and configuration) and it can overflow [also verified by inserting printk's.] The patch attempts to size the buffer to the correctly. Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Acked-by: Laurent Pinchart <laurent.pinchart@skynet.be> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com> |
||
---|---|---|
.. | ||
Kconfig | ||
Makefile | ||
uvc_ctrl.c | ||
uvc_driver.c | ||
uvc_isight.c | ||
uvc_queue.c | ||
uvc_status.c | ||
uvc_v4l2.c | ||
uvc_video.c | ||
uvcvideo.h |