linux-stable/drivers/media/firewire
Dan Carpenter 7ac95cf59d [media] firewire: firedtv-avc: fix more potential buffer overflow
"program_info_length" is user controlled and can go up to 4095.  The
operand[] array has 509 bytes so we need to add a limit here to prevent
buffer overflows.

The " - 4" in the limit check is because we have 4 bytes more data to
add after the memcpy().

[mchehab@osg.samsung.com: as I merged the version 1 of the patch, I needed
 to rebase to apply just the differences between v1 and v2]
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
2014-09-23 16:13:39 -03:00
..
firedtv-avc.c [media] firewire: firedtv-avc: fix more potential buffer overflow 2014-09-23 16:13:39 -03:00
firedtv-ci.c
firedtv-dvb.c [media] demux.h: Remove duplicated enum 2013-04-08 06:53:15 -03:00
firedtv-fe.c
firedtv-fw.c firewire: introduce fw_driver.probe and .remove methods 2013-06-09 18:15:00 +02:00
firedtv-rc.c
firedtv.h [media] remove include/linux/dvb/dmx.h 2012-10-19 07:29:17 -03:00
Kconfig
Makefile