linux/drivers/media/video/uvc
Ralph Loader fe6c700ff3 V4L/DVB (9053): fix buffer overflow in uvc-video
There is a buffer overflow in drivers/media/video/uvc/uvc_ctrl.c:

INFO: 0xf2c5ce08-0xf2c5ce0b. First byte 0xa1 instead of 0xcc
INFO: Allocated in uvc_query_v4l2_ctrl+0x3c/0x239 [uvcvideo] age=13 cpu=1 pid=4975
...

A fixed size 8-byte buffer is allocated, and a variable size field is read
into it; there is no particular bound on the size of the field (it is
dependent on hardware and configuration) and it can overflow [also
verified by inserting printk's.]

The patch attempts to size the buffer correctly.

Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Laurent Pinchart <laurent.pinchart@skynet.be>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2008-10-04 23:04:32 -03:00
..
Kconfig V4L/DVB (8234): uvcvideo: Make input device support optional 2008-07-20 07:18:09 -03:00
Makefile V4L/DVB (8178): uvc: Fix compilation breakage for the other drivers, if uvc is selected 2008-07-02 08:58:15 -03:00
uvc_ctrl.c V4L/DVB (9053): fix buffer overflow in uvc-video 2008-10-04 23:04:32 -03:00
uvc_driver.c V4L/DVB (8616): uvcvideo: Add support for two Bison Electronics webcams 2008-08-06 06:57:36 -03:00
uvc_isight.c
uvc_queue.c PAGE_ALIGN(): correctly handle 64-bit values on 32-bit architectures 2008-07-24 10:47:21 -07:00
uvc_status.c V4L/DVB (8234): uvcvideo: Make input device support optional 2008-07-20 07:18:09 -03:00
uvc_v4l2.c V4L/DVB (8430): videodev: move some functions from v4l2-dev.h to v4l2-common.h or v4l2-ioctl.h 2008-07-23 19:00:17 -03:00
uvc_video.c V4L/DVB (8617): uvcvideo: don't use stack-based buffers for USB transfers. 2008-08-06 06:57:37 -03:00
uvcvideo.h v4l-dvb: remove legacy checks to allow support for kernels < 2.6.10 2008-07-20 07:17:52 -03:00