kevin/linux
1
Fork 0
Code
e384a41141
linux/drivers/staging/comedi
History
Dan Carpenter e384a41141 Staging: comedi: integer overflow in do_insnlist_ioctl() 
There is an integer overflow here that could cause memory corruption
on 32 bit systems.

insnlist.n_insns could be a very high value size calculation for
kmalloc() could overflow resulting in a smaller "insns" than
expected.  In the for (i = 0; i < insnlist.n_insns; i++) {... loop
we would read past the end of the buffer, possibly corrupting memory
as well.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-11-26 18:34:15 -08:00
..
drivers staging: comedi: usbduxsigma: Fixed wrong range for the analogue channel. 2011-11-26 18:34:14 -08:00
kcomedilib
comedi_compat32.c
comedi_compat32.h
comedi_fops.c Staging: comedi: integer overflow in do_insnlist_ioctl() 2011-11-26 18:34:15 -08:00
comedi_fops.h
comedi.h staging: comedi: fixed a declaration coding style issue 2011-06-28 13:23:56 -07:00
comedidev.h staging: comedi: remove COMEDI_DEVICE_CREATE macro, expand all callers 2011-07-06 08:22:49 -07:00
comedilib.h
drivers.c Staging: comedi: drivers.c: fix PAGE_KERNEL_NOCACHE issue 2011-06-09 12:13:53 -07:00
internal.h
Kconfig staging: comedi: new driver usbduxsigma 2011-08-23 12:00:45 -07:00
Makefile Staging: comedi: Makefile: replace the use of <module>-objs with <module>-y 2010-10-08 07:23:52 -07:00
proc.c
range.c
TODO