github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 22:52:35 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
adc0186cfa
linux/drivers
History
Dan Carpenter 065449fd56 V4L/DVB: v4l2-ioctl: integer overflow in video_usercopy() 
commit 6c06108be5 upstream.

If ctrls->count is too high the multiplication could overflow and
array_size would be lower than expected.  Mauro and Hans Verkuil
suggested that we cap it at 1024.  That comes from the maximum
number of controls with lots of room for expantion.

$ grep V4L2_CID include/linux/videodev2.h | wc -l
211

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2012-01-25 17:24:46 -08:00
..
accessibility
acpi ACPI atomicio: Convert width in bits to bytes in __acpi_ioremap_fast() 2011-11-11 09:37:11 -08:00
amba
ata ata_piix: make DVD Drive recognisable on systems with Intel Sandybridge chipsets(v2) 2011-11-11 09:35:50 -08:00
atm
auxdisplay
base firmware: Fix an oops on reading fw_priv->fw in sysfs loading file 2012-01-12 11:34:55 -08:00
bcma
block xen/blkback: Report VBD_WSECT (wr_sect) properly. 2011-11-11 09:37:07 -08:00
bluetooth btusb: add device entry for Broadcom SoftSailing 2011-11-11 09:36:43 -08:00
cdrom
char TPM: Zero buffer after copying to userspace 2011-10-03 11:40:58 -07:00
clk
clocksource
connector
cpufreq drivers/cpufreq/pcc-cpufreq.c: avoid NULL pointer dereference 2011-10-03 11:40:31 -07:00
cpuidle
crypto crypto: mv_cesa - fix hashing of chunks > 1920 bytes 2011-12-09 08:52:20 -08:00
dca
dio
dma
edac i7core_edac: fixed typo in error count calculation 2011-08-29 13:29:06 -07:00
eisa
firewire firewire: sbp2: fix panic after rmmod with slow targets 2011-10-25 07:10:16 +02:00
firmware ibft: Fix finding IBFT ACPI table on UEFI 2011-12-21 12:57:45 -08:00
gpio gpio: wm831x: add a missing break in wm831x_gpio_dbg_show 2011-07-15 14:03:30 -06:00
gpu radeon: Fix disabling PCI bus mastering on big endian hosts. 2012-01-25 17:24:35 -08:00
hid HID: bump maximum global item tag report size to 96 bytes 2012-01-25 17:24:37 -08:00
hwmon hwmon: (coretemp) Fix oops on CPU offlining 2011-12-21 12:57:41 -08:00
hwspinlock hwspinlock/core: use a mutex to protect the radix tree 2011-11-11 09:36:31 -08:00
i2c i2c: Fix error value returned by several bus drivers 2012-01-25 17:24:45 -08:00
ide ide-disk: Fix request requeuing 2011-10-16 14:14:51 -07:00
idle
ieee802154
infiniband IB/qib: Fix a possible data corruption when receiving packets 2012-01-12 11:35:04 -08:00
input Input: synaptics - fix touchpad not working after S2R on Vostro V13 2012-01-06 14:13:49 -08:00
isdn net: Audit drivers to identify those needing IFF_TX_SKB_SHARING cleared 2011-08-15 18:31:38 -07:00
leds Revert "leds: save the delay values after a successful call to blink_set()" 2011-11-21 14:31:19 -08:00
lguest
macintosh
mca
md md/raid5: fix bug that could result in reads from a failed device. 2011-12-21 12:57:42 -08:00
media V4L/DVB: v4l2-ioctl: integer overflow in video_usercopy() 2012-01-25 17:24:46 -08:00
memstick
message
mfd mfd: Turn on the twl4030-madc MADC clock 2012-01-06 14:14:11 -08:00
misc pcie-gadget-spear: Add "platform:" prefix for platform modalias 2011-11-26 09:09:59 -08:00
mmc mmc: sd: Fix SDR12 timing regression 2012-01-25 17:24:46 -08:00
mtd UBI: fix debugging messages 2012-01-25 17:24:44 -08:00
net rtl8192se: Fix BUG caused by failure to check skb allocation 2012-01-25 17:24:42 -08:00
nfc
nubus
of
oprofile oprofile: Fix uninitialized memory access when writing to writing to oprofilefs 2012-01-06 14:13:51 -08:00
parisc
parport
pci PCI: msi: Disable msi interrupts when we initialize a pci device 2012-01-25 17:24:38 -08:00
pcmcia pcmcia: pxa2xx/vpac270: free gpios on exist rather than requesting 2011-07-11 14:26:34 +08:00
platform WMI: properly cleanup devices to avoid crashes 2011-11-11 09:36:09 -08:00
pnp PNP: work around Dell 1536/1546 BIOS MMCONFIG bug that breaks USB 2012-01-25 17:24:42 -08:00
power drivers/power/ds2780_battery.c: fix deadlock upon insertion and removal 2011-11-11 09:36:32 -08:00
pps
ps3
ptp ptp: Fix clock_getres() implementation 2011-12-21 12:57:36 -08:00
rapidio rapidio: fix use of non-compatible registers 2011-10-03 11:39:46 -07:00
regulator regulator: tps65910: Add missing breaks in switch/case 2011-10-03 11:40:01 -07:00
rtc drivers/rtc/interface.c: fix alarm rollover when day or month is out-of-range 2012-01-25 17:24:33 -08:00
s390 SCSI: zfcp: return early from slave_destroy if slave_alloc returned early 2012-01-06 14:13:47 -08:00
sbus
scsi SCSI: mpt2sas : Fix for memory allocation error for large host credits 2012-01-25 17:24:41 -08:00
sfi
sh drivers: sh: resume enabled clocks fix 2011-06-14 15:15:25 +09:00
sn
spi spi/s3c64xx: Bug fix for SPI with different FIFO level 2011-07-06 15:03:08 +09:00
ssb ssb: fix init regression with SoCs 2012-01-06 14:13:48 -08:00
staging staging: r8712u: Add new USB ID 2011-12-21 12:57:44 -08:00
target target: Handle 0 correctly in transport_get_sectors_6() 2011-12-21 12:57:37 -08:00
tc
telephony
thermal
tty atmel_serial: fix spinlock lockup in RS485 code 2012-01-12 11:35:07 -08:00
uio
usb usb: cdc-acm: Fix acm_tty_hangup() vs. acm_tty_close() race 2012-01-12 11:35:53 -08:00
uwb
vhost
video offb: Fix bug in calculating requested vram size 2012-01-12 11:35:00 -08:00
virtio virtio-pci: fix use after free 2011-11-21 14:31:14 -08:00
vlynq
w1 drivers/power/ds2780_battery.c: add a nolock function to w1 interface 2011-11-11 09:36:32 -08:00
watchdog watchdog: hpwdt: Changes to handle NX secure bit in 32bit path 2012-01-06 14:14:00 -08:00
xen xen/xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX. 2012-01-25 17:24:41 -08:00
zorro zorro: Defer device_register() until all devices have been identified 2011-10-03 11:40:57 -07:00
Kconfig
Makefile