linux/drivers
Hans Verkuil 96d8569563 media: vivid: fix buffer overwrite when using > 32 buffers
The maximum number of buffers that can be requested was increased to
64 for the video capture queue. But video capture used a must_blank
array that was still sized for 32 (VIDEO_MAX_FRAME). This caused an
out-of-bounds write when using buffer indices >= 32.

Create a new define MAX_VID_CAP_BUFFERS that is used to access the
must_blank array and set max_num_buffers for the video capture queue.

This solves a crash reported by:

	https://bugzilla.kernel.org/show_bug.cgi?id=219258

Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Fixes: cea70ed416 ("media: test-drivers: vivid: Increase max supported buffers for capture queues")
Cc: stable@vger.kernel.org
2024-10-28 09:14:12 +01:00
accel dma-mapping updates for linux 6.12 2024-09-19 11:12:49 +02:00
accessibility
acpi cxl changes for v6.12 2024-09-27 11:42:03 -07:00
amba
android
ata ata fixes for 6.12-rc1 2024-09-27 09:05:18 -07:00
atm
auxdisplay [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
base Driver core update for 6.12-rc1 2024-09-27 08:48:37 -07:00
bcma
block 19 hotfixes. 13 are cc:stable. 2024-09-27 10:27:22 -07:00
bluetooth [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
bus Driver core update for 6.12-rc1 2024-09-27 08:48:37 -07:00
cache
cdrom
cdx
char [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
clk soc: convert ep93xx to devicetree 2024-09-26 12:00:25 -07:00
clocksource Updates for x86 timers: 2024-09-17 15:27:01 +02:00
comedi
connector
counter [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
cpufreq In the v6.12 scheduler development cycle we had 63 commits from 18 contributors: 2024-09-19 15:55:58 +02:00
cpuidle pmdomain core: 2024-09-18 10:49:45 +02:00
crypto This push fixes the following issues: 2024-09-24 10:46:54 -07:00
cxl cxl changes for v6.12 2024-09-27 11:42:03 -07:00
dax
dca
devfreq
dio
dma soc: convert ep93xx to devicetree 2024-09-26 12:00:25 -07:00
dma-buf drm next for 6.12-rc1 2024-09-19 10:18:15 +02:00
dpll
edac - Drop a now obsolete ppc4xx_edac driver 2024-09-16 06:36:37 +02:00
eisa
extcon Char/Misc and other driver changes for 6.12-rc1 2024-09-26 10:13:08 -07:00
firewire [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
firmware [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
fpga
fsi
gnss [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
gpio [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
gpu drm fixes for 6.12-rc1 2024-09-28 08:47:46 -07:00
greybus greybus: gb-beagleplay: Add firmware upload API 2024-09-12 09:04:09 +02:00
hid [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
hsi
hte
hv drm next for 6.12-rc1 2024-09-19 10:18:15 +02:00
hwmon [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
hwspinlock
hwtracing [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
i2c i2c-for-6.12-rc1-additional_fixes 2024-09-29 09:47:33 -07:00
i3c i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition 2024-09-17 16:51:45 +02:00
idle intel_idle: fix ACPI _CST matching for newer Xeon platforms 2024-09-25 22:30:33 +02:00
iio
infiniband [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
input [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
interconnect
iommu [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
ipack
irqchip Merge tag 'irq-core-2024-09-16' into loongarch-next 2024-09-17 22:20:12 +08:00
isdn [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
leds [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
macintosh [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
mailbox mailbox, remoteproc: omap2+: fix compile testing 2024-09-27 09:11:05 -05:00
mcb
md - Misc VDO fixes 2024-09-27 09:12:51 -07:00
media media: vivid: fix buffer overwrite when using > 32 buffers 2024-10-28 09:14:12 +01:00
memory
memstick
message SCSI misc on 20240928 2024-09-29 09:22:34 -07:00
mfd - Added support for the Analog Devices ADP5585 GPIO and PWM functions. 2024-09-23 14:17:08 -07:00
misc [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
mmc [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
most
mtd [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
mux
net [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
nfc
ntb ntb: Force physically contiguous allocation of rx ring buffers 2024-09-20 10:51:25 -04:00
nubus
nvdimm virtio: features, fixes, cleanups 2024-09-26 08:43:17 -07:00
nvme for-6.12/block-20240925 2024-09-25 14:56:40 -07:00
nvmem Char/Misc and other driver changes for 6.12-rc1 2024-09-26 10:13:08 -07:00
of Kbuild updates for v6.12 2024-09-24 13:02:06 -07:00
opp
parisc
parport
pci pci-v6.12-changes 2024-09-23 12:47:06 -07:00
pcmcia
peci
perf RISC-V Patches for the 6.12 Merge Window, Part 1 2024-09-24 10:59:17 -07:00
phy phy-for-6.12 2024-09-23 14:05:10 -07:00
pinctrl soc: convert ep93xx to devicetree 2024-09-26 12:00:25 -07:00
platform [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
pmdomain pmdomain: core: Reduce debug summary table width 2024-09-13 13:41:33 +02:00
pnp
power soc: convert ep93xx to devicetree 2024-09-26 12:00:25 -07:00
powercap
pps [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
ps3
ptp
pwm soc: convert ep93xx to devicetree 2024-09-26 12:00:25 -07:00
rapidio
ras
regulator regulator: sm5703: Remove because it is unused and fails to build 2024-09-13 19:08:14 +01:00
remoteproc mhu-v3, omap2+ : fix kconfig dependencies 2024-09-29 09:53:04 -07:00
reset
rpmsg rpmsg: glink: Avoid -Wflex-array-member-not-at-end warnings 2024-09-13 14:09:47 -07:00
rtc [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
s390 more s390 updates for 6.12 merge window 2024-09-28 09:11:46 -07:00
sbus [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
scsi SCSI misc on 20240928 2024-09-29 09:22:34 -07:00
sh sh: intc: Replace simple_strtoul() with kstrtoul() 2024-09-26 17:25:29 +02:00
siox
slimbus
soc soc: convert ep93xx to devicetree 2024-09-26 12:00:25 -07:00
soundwire soundwire updates for 6.12 2024-09-23 14:00:46 -07:00
spi [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
spmi
ssb
staging media: av7110: fix a spectre vulnerability 2024-10-18 10:43:03 +02:00
target
tc
tee
thermal [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
thunderbolt
tty [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
ufs SCSI misc on 20240928 2024-09-29 09:22:34 -07:00
uio
usb [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
vdpa virtio: features, fixes, cleanups 2024-09-26 08:43:17 -07:00
vfio [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
vhost virtio: features, fixes, cleanups 2024-09-26 08:43:17 -07:00
video fbdev: sisfb: Fix strbuf array overflow 2024-09-28 00:42:11 +02:00
virt [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
virtio virtio: features, fixes, cleanups 2024-09-26 08:43:17 -07:00
w1
watchdog [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
xen xen: branch for v6.12-rc1a 2024-09-27 09:55:30 -07:00
zorro
Kconfig
Makefile