Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / kernel / msm / e424fb8cc4e6634c10f8159b1ff5618cf7bab9c6
commite424fb8cc4e6634c10f8159b1ff5618cf7bab9c6[log] [tgz]
authorXi Wang <xi.wang@gmail.com>Wed Dec 28 23:49:06 2011 -0500
committerMatthew Garrett <mjg@redhat.com>Mon Mar 12 10:25:51 2012 -0400
tree1907ba5a04c791b676de548e62627aa50b795bc7
parent461e74377cfcfc2c0d6bbdfa8fc5fbc21b052c2a [diff]
panasonic-laptop: avoid overflow in acpi_pcc_hotkey_add()

num_sifr could go negative since acpi_pcc_get_sqty() returns -EINVAL
on error.  Then it could bypass the sanity check (num_sifr > 255).
The subsequent call to kzalloc() would allocate a small buffer, leading
to a memory corruption.

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Matthew Garrett <mjg@redhat.com>
1 file changed
tree: 1907ba5a04c791b676de548e62627aa50b795bc7
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS