Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-24 21:21:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
96d8569563
linux/drivers/media
History
Hans Verkuil 96d8569563 media: vivid: fix buffer overwrite when using > 32 buffers 
The maximum number of buffers that can be requested was increased to
64 for the video capture queue. But video capture used a must_blank
array that was still sized for 32 (VIDEO_MAX_FRAME). This caused an
out-of-bounds write when using buffer indices >= 32.

Create a new define MAX_VID_CAP_BUFFERS that is used to access the
must_blank array and set max_num_buffers for the video capture queue.

This solves a crash reported by:

	https://bugzilla.kernel.org/show_bug.cgi?id=219258

Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Fixes: cea70ed416 ("media: test-drivers: vivid: Increase max supported buffers for capture queues")
Cc: stable@vger.kernel.org
2024-10-28 09:14:12 +01:00
..
cec media: pulse8-cec: fix data timestamp at pulse8_setup() 2024-10-18 10:43:03 +02:00
common media: v4l2-tpg: prevent the risk of a division by zero 2024-10-18 10:43:03 +02:00
dvb-core media: dvb_frontend: don't play tricks with underflow values 2024-10-18 10:43:03 +02:00
dvb-frontends media: stb0899_algo: initialize cfr before using it 2024-10-18 10:43:03 +02:00
firewire media: firewire: firedtv-avc.c: replace BUG with proper, error return 2023-08-10 07:58:37 +02:00
i2c media: adv7604: prevent underflow condition when reporting colorspace 2024-10-18 10:43:03 +02:00
mc [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
mmc media: mmc: siano: simplify module initialization 2024-04-08 13:48:19 +02:00
pci media: mgb4: protect driver against spectre 2024-10-18 10:43:03 +02:00
platform media: s5p-jpeg: prevent buffer overflows 2024-10-18 10:43:03 +02:00
radio media: Drop explicit initialization of struct i2c_device_id::driver_data to 0 2024-08-09 07:56:37 +02:00
rc [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
spi media: gs1662: remove unused struct 'gs_reg_fmt_custom' 2024-05-31 13:51:16 +02:00
test-drivers media: vivid: fix buffer overwrite when using > 32 buffers 2024-10-28 09:14:12 +01:00
tuners Revert "media: tuners: fix error return code of hybrid_tuner_request_state()" 2024-08-09 07:56:38 +02:00
usb [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
v4l2-core media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() 2024-10-18 10:43:03 +02:00
Kconfig
Makefile