commit | 201320435d017e8ebd449034547ef0518ec4d056 | [log] [tgz] |
---|---|---|
author | Xi Wang <xi.wang@gmail.com> | Tue Nov 29 21:53:46 2011 -0500 |
committer | Greg Kroah-Hartman <gregkh@suse.de> | Wed Nov 30 19:29:40 2011 +0900 |
tree | 28d3e3eb643611d1ff8c240baf9f46d40d6a4693 | |
parent | 2a58b19fd97c7368c03c027419a2aeb26313adad [diff] |
staging: vt6656: integer overflows in private_ioctl() There are two potential integer overflows in private_ioctl() if userspace passes in a large sList.uItem / sNodeList.uItem. The subsequent call to kmalloc() would allocate a small buffer, leading to a memory corruption. Reported-by: Dan Rosenberg <drosenberg@vsecurity.com> Signed-off-by: Xi Wang <xi.wang@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>