lists.zerezo.com

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] uvcvideo: Fix a buffer overflow in format descriptor parsing

Date: Fri, 4 Jul 2008 02:34:59 +0200
From: Laurent Pinchart <laurent.pinchart@xxxxxxxxx>
Subject: [PATCH] uvcvideo: Fix a buffer overflow in format descriptor parsing

Thanks to Oliver Neukum for catching and reporting this bug.

Signed-off-by: Laurent Pinchart <laurent.pinchart@xxxxxxxxx>
---
 drivers/media/video/uvc/uvc_driver.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/drivers/media/video/uvc/uvc_driver.c b/drivers/media/video/uvc/uvc_driver.c
index 60ced58..86bb16d 100644
--- a/drivers/media/video/uvc/uvc_driver.c
+++ b/drivers/media/video/uvc/uvc_driver.c
@@ -298,7 +298,8 @@ static int uvc_parse_format(struct uvc_device *dev,
 	switch (buffer[2]) {
 	case VS_FORMAT_UNCOMPRESSED:
 	case VS_FORMAT_FRAME_BASED:
-		if (buflen < 27) {
+		n = buffer[2] == VS_FORMAT_UNCOMPRESSED ? 27 : 28;
+		if (buflen < n) {
 			uvc_trace(UVC_TRACE_DESCR, "device %d videostreaming"
 			       "interface %d FORMAT error\n",
 			       dev->udev->devnum,
-- 
1.5.4.5

--
video4linux-list mailing list
Unsubscribe mailto:video4linux-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/video4linux-list

Prev by Date: Re: [linux-dvb] [PATCH] Shrink saa7134 mmio mapped size
Next by Date: [PATCH] uvcvideo: Use GFP_NOIO when allocating memory during resume
Previous by thread: RFC: remove support from v4l-dvb for kernels < 2.6.16
Next by thread: [PATCH] uvcvideo: Use GFP_NOIO when allocating memory during resume
Index(es):
- Date
- Thread