Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 7ac95cf59d59473e680937319594ce0719497e98
commit7ac95cf59d59473e680937319594ce0719497e98[log] [tgz]
authorDan Carpenter <dan.carpenter@oracle.com>Tue Sep 09 09:11:23 2014 -0300
committerMauro Carvalho Chehab <mchehab@osg.samsung.com>Tue Sep 23 16:13:39 2014 -0300
treeb7cb5b002d0e71aacb17868f228d880cf8d5a2cb
parentcf3b576d52c1f0a204f0c8bdecc22a338f7ca5a4 [diff]
[media] firewire: firedtv-avc: fix more potential buffer overflow

"program_info_length" is user controlled and can go up to 4095.  The
operand[] array has 509 bytes so we need to add a limit here to prevent
buffer overflows.

The " - 4" in the limit check is because we have 4 bytes more data to
add after the memcpy().

[mchehab@osg.samsung.com: as I merged the version 1 of the patch, I needed
 to rebase to apply just the differences between v1 and v2]
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
1 file changed
tree: b7cb5b002d0e71aacb17868f228d880cf8d5a2cb
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS