mirror of
https://github.com/torvalds/linux.git
synced 2024-12-23 11:21:33 +00:00
389b6a2261
In preparation for FORTIFY_SOURCE performing run-time destination buffer bounds checking for memcpy(), specify the destination output buffer explicitly, instead of asking memcpy() to write past the end of what looked like a fixed-size object. Notice that raw_frame is a pointer to a structure that contains flexible-array member rawframe[]: drivers/media/usb/pwc/pwc.h: 190 struct pwc_raw_frame { 191 __le16 type; /* type of the webcam */ 192 __le16 vbandlength; /* Size of 4 lines compressed (used by the 193 decompressor) */ 194 __u8 cmd[4]; /* the four byte of the command (in case of 195 nala, only the first 3 bytes is filled) */ 196 __u8 rawframe[]; /* frame_size = H / 4 * vbandlength */ 197 } __packed; Link: https://github.com/KSPP/linux/issues/200 Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl> |
||
---|---|---|
.. | ||
Kconfig | ||
Makefile | ||
pwc-ctrl.c | ||
pwc-dec1.c | ||
pwc-dec1.h | ||
pwc-dec23.c | ||
pwc-dec23.h | ||
pwc-if.c | ||
pwc-kiara.c | ||
pwc-kiara.h | ||
pwc-misc.c | ||
pwc-nala.h | ||
pwc-timon.c | ||
pwc-timon.h | ||
pwc-uncompress.c | ||
pwc-v4l.c | ||
pwc.h |