linux

mirror of https://github.com/torvalds/linux.git synced 2024-12-19 01:23:20 +00:00

History

Ralph Loader fe6c700ff3 V4L/DVB (9053): fix buffer overflow in uvc-video There is a buffer overflow in drivers/media/video/uvc/uvc_ctrl.c: INFO: 0xf2c5ce08-0xf2c5ce0b. First byte 0xa1 instead of 0xcc INFO: Allocated in uvc_query_v4l2_ctrl+0x3c/0x239 [uvcvideo] age=13 cpu=1 pid=4975 ... A fixed size 8-byte buffer is allocated, and a variable size field is read into it; there is no particular bound on the size of the field (it is dependent on hardware and configuration) and it can overflow [also verified by inserting printk's.] The patch attempts to size the buffer to the correctly. Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Acked-by: Laurent Pinchart <laurent.pinchart@skynet.be> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>		2008-10-04 23:04:32 -03:00
..
Kconfig	V4L/DVB (8234): uvcvideo: Make input device support optional	2008-07-20 07:18:09 -03:00
Makefile	V4L/DVB (8178): uvc: Fix compilation breakage for the other drivers, if uvc is selected	2008-07-02 08:58:15 -03:00
uvc_ctrl.c	V4L/DVB (9053): fix buffer overflow in uvc-video	2008-10-04 23:04:32 -03:00
uvc_driver.c	V4L/DVB (8616): uvcvideo: Add support for two Bison Electronics webcams	2008-08-06 06:57:36 -03:00
uvc_isight.c
uvc_queue.c	PAGE_ALIGN(): correctly handle 64-bit values on 32-bit architectures	2008-07-24 10:47:21 -07:00
uvc_status.c	V4L/DVB (8234): uvcvideo: Make input device support optional	2008-07-20 07:18:09 -03:00
uvc_v4l2.c	V4L/DVB (8430): videodev: move some functions from v4l2-dev.h to v4l2-common.h or v4l2-ioctl.h	2008-07-23 19:00:17 -03:00
uvc_video.c	V4L/DVB (8617): uvcvideo: don't use stack-based buffers for USB transfers.	2008-08-06 06:57:37 -03:00
uvcvideo.h	v4l-dvb: remove legacy checks to allow support for kernels < 2.6.10	2008-07-20 07:17:52 -03:00