git.baikalelectronics.ru Git - kernel.git/commit

author	Dan Carpenter <dan.carpenter@oracle.com>
	Thu, 5 Jan 2012 05:27:57 +0000 (02:27 -0300)
committer	Mauro Carvalho Chehab <mchehab@redhat.com>
	Sat, 7 Jan 2012 13:47:22 +0000 (11:47 -0200)
commit	5c0de35188a1b849bf85e2d33b40bd61c2d5fd2f
tree	2b2902e6b1c0d91f4fedd804af47ff33dbae42e1	tree \| snapshot
parent	aa845ba8c0b71fa64f589d32422d582000bd815e	commit \| diff

[media] V4L/DVB: v4l2-ioctl: integer overflow in video_usercopy()

If ctrls->count is too high the multiplication could overflow and
array_size would be lower than expected. Mauro and Hans Verkuil
suggested that we cap it at 1024. That comes from the maximum
number of controls with lots of room for expantion.

$ grep V4L2_CID include/linux/videodev2.h | wc -l
211

Cc: stable <stable@vger.kernel.org>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>

drivers/media/video/v4l2-ioctl.c		diff \| blob \| history
include/linux/videodev2.h		diff \| blob \| history