linux-stable/drivers
Pavel Skripkin 2e004fe914 media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
[ Upstream commit 471bec6845 ]

Syzbot reported that -1 is used as an array index. The problem was a
missing validation check.

hdw->unit_number is initialized with -1, and then if the init table walk
fails this value remains unchanged. Since the code blindly uses this member
for array indexing, adding a sanity check is the easiest fix for that.

hdw->workpoll initialization moved up to prevent a warning in
__flush_work.

Reported-and-tested-by: syzbot+1a247e36149ffd709a9b@syzkaller.appspotmail.com

Fixes: d855497edb ("V4L/DVB (4228a): pvrusb2 to kernel 2.6.18")
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-06-14 16:53:49 +02:00
accessibility
acpi ACPI: sysfs: Fix BERT error region memory mapping 2022-06-06 08:20:56 +02:00
amba ARM: 9120/1: Revert "amba: make use of -1 IRQs warn" 2021-11-12 14:28:22 +01:00
android binder: fix async_free_space accounting for empty parcels 2022-01-05 12:33:49 +01:00
ata ata: pata_marvell: Check the 'bmdma_addr' beforing reading 2022-04-27 13:15:30 +02:00
atm atm: eni: Add check for dma_map_single 2022-03-23 09:01:35 +01:00
auxdisplay auxdisplay: ht16k33: Fix frame buffer device blanking 2021-11-26 11:40:35 +01:00
base PM: core: keep irq flags in device_pm_check_callbacks() 2022-04-20 09:08:22 +02:00
bcma bcma: Fix memory leak for internally-handled cores 2021-09-22 11:45:22 +02:00
block drbd: remove usage of list iterator variable after loop 2022-05-25 08:41:18 +02:00
bluetooth Bluetooth: bfusb: fix division by zero in send path 2022-01-27 09:00:46 +01:00
bus bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() 2022-05-12 12:17:07 +02:00
cdrom
char ipmi:ssif: Check for NULL msg when handling events and messages 2022-06-14 16:53:45 +02:00
clk clk: at91: generated: consider range when calculating best rate 2022-05-25 08:41:20 +02:00
clocksource clocksource: acpi_pm: fix return value of __setup handler 2022-04-20 09:08:13 +02:00
connector
cpufreq cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory 2021-10-06 15:05:08 +02:00
cpuidle cpuidle: Fix kobject memory leaks in error paths 2021-11-26 11:40:29 +01:00
crypto crypto: ccp - ccp_dmaengine_unregister release dma channels 2022-04-20 09:08:13 +02:00
dax
dca
devfreq
dio
dma dma: at_xdmac: fix a missing check on list iterator 2022-04-27 13:15:30 +02:00
dma-buf dma-buf/sync_file: Don't leak fences on merge failure 2021-07-28 11:12:16 +02:00
edac EDAC: Fix calculation of returned address and next offset in edac_align_ptr() 2022-02-23 11:57:35 +01:00
eisa
extcon extcon: max8997: Add missing modalias string 2021-07-20 16:17:41 +02:00
firewire firewire: core: extend card->lock in fw_core_handle_bus_reset 2022-05-12 12:17:09 +02:00
firmware efi: fix return value of __setup handlers 2022-03-23 09:01:35 +01:00
fmc
fpga
fsi
gpio gpio: mvebu/pwm: Refuse requests with inverted polarity 2022-05-25 08:41:21 +02:00
gpu drm/msm: return an error pointer in msm_gem_prime_get_sg_table() 2022-06-14 16:53:49 +02:00
hid HID: hid-led: fix maximum brightness for Dream Cheeky 2022-06-14 16:53:48 +02:00
hsi HSI: core: Fix return freed object in hsi_new_client 2022-01-27 09:00:54 +01:00
hv Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer 2022-04-20 09:08:31 +02:00
hwmon hwmon: (f71882fg) Fix negative temperature 2022-05-18 09:18:07 +02:00
hwspinlock
hwtracing coresight: Fix TRCCONFIGR.QE sysfs interface 2022-04-20 09:08:09 +02:00
i2c drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers 2022-06-06 08:20:56 +02:00
ide
idle
iio iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() 2022-05-12 12:17:05 +02:00
infiniband RDMA/hfi1: Prevent panic when SDMA is disabled 2022-06-14 16:53:47 +02:00
input Input: stmfts - fix reference leak in stmfts_input_open 2022-05-25 08:41:18 +02:00
iommu iommu/arm-smmu-v3: fix event handling soft lockup 2022-04-20 09:08:27 +02:00
ipack ipack: ipoctal: fix module reference leak 2021-10-06 15:05:09 +02:00
irqchip irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value 2022-06-14 16:53:49 +02:00
isdn mISDN: change function names to avoid conflicts 2022-01-11 13:57:38 +01:00
leds leds: ktd2692: Fix an error handling path 2021-07-20 16:17:41 +02:00
lightnvm lightnvm: disable the subsystem 2022-05-12 12:17:04 +02:00
macintosh macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled 2022-06-14 16:53:47 +02:00
mailbox
mcb mcb: fix error handling in mcb_alloc_bus() 2021-10-06 15:05:05 +02:00
md dm verity: set DM_TARGET_IMMUTABLE feature flag 2022-06-06 08:20:57 +02:00
media media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init 2022-06-14 16:53:49 +02:00
memory memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe 2022-04-20 09:08:31 +02:00
memstick memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() 2021-11-26 11:40:30 +01:00
message
mfd mfd: asic3: Add missing iounmap() on error asic3_mfd_probe 2022-04-20 09:08:19 +02:00
misc kgdbts: fix return value of __setup handler 2022-04-20 09:08:20 +02:00
mmc mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch() 2022-05-25 08:41:19 +02:00
mtd mtd: rawnand: Fix return value check of wait_for_completion_timeout 2022-05-12 12:17:06 +02:00
mux
net ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix 2022-06-14 16:53:48 +02:00
nfc nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs 2022-05-12 12:17:09 +02:00
ntb
nubus
nvdimm
nvme nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags 2022-06-14 16:53:45 +02:00
nvmem nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells 2021-10-20 10:42:04 +02:00
of of: Fix truncation of memory sizes on 32-bit platforms 2021-07-20 16:17:40 +02:00
oprofile
parisc parisc: Fix CPU affinity for Lasi, WAX and Dino chips 2022-04-20 09:08:28 +02:00
parport parport: remove non-zero check on count 2021-09-22 11:45:31 +02:00
pci PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() 2022-06-14 16:53:47 +02:00
pcmcia pcmcia: fix setting of kthread task states 2022-01-27 09:00:51 +01:00
perf perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator 2022-04-20 09:08:30 +02:00
phy phy: samsung: exynos5250-sata: fix missing device put in probe error paths 2022-05-12 12:17:06 +02:00
pinctrl pinctrl: pistachio: fix use of irq_of_parse_and_map() 2022-05-12 12:17:07 +02:00
platform platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative 2022-04-27 13:15:30 +02:00
pnp
power power: supply: axp20x_battery: properly report current when discharging 2022-04-20 09:08:26 +02:00
powercap
pps
ps3
ptp ptp: replace snprintf with sysfs_emit 2022-04-20 09:08:26 +02:00
pwm pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() 2022-04-20 09:08:19 +02:00
rapidio
ras
regulator regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt 2022-06-14 16:53:49 +02:00
remoteproc remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region 2022-04-20 09:08:19 +02:00
reset reset: ti-syscon: fix to_ti_syscon_reset_data macro 2021-07-28 11:12:14 +02:00
rpmsg rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev 2022-02-08 18:16:25 +01:00
rtc rtc: wm8350: Handle error for wm8350_register_irq 2022-04-20 09:08:26 +02:00
s390 s390/lcs: fix variable dereferenced before check 2022-05-18 09:18:06 +02:00
sbus
scsi scsi: megaraid: Fix error check return value of register_chrdev() 2022-06-14 16:53:45 +02:00
sfi
sh maple: fix wrong return value of maple_bus_init(). 2021-11-26 11:40:39 +01:00
sn
soc soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe 2022-04-20 09:08:14 +02:00
spi spi: img-spfi: Fix pm_runtime_get_sync() error checking 2022-06-14 16:53:48 +02:00
spmi
ssb ssb: sdio: Don't overwrite const buffer if block_write fails 2021-07-20 16:17:30 +02:00
staging staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() 2022-06-06 08:20:56 +02:00
target scsi: target: tcmu: Fix possible page UAF 2022-04-20 09:08:32 +02:00
tc
tee tee: handle lookup of shm with reference count 0 2022-01-05 12:33:48 +01:00
thermal thermal: int340x: Increase bitmap size 2022-04-20 09:08:12 +02:00
thunderbolt thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue 2021-06-03 08:36:15 +02:00
tty tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() 2022-05-18 09:18:09 +02:00
uio
usb USB: new quirk for Dell Gen 2 devices 2022-06-14 16:53:43 +02:00
uwb
vfio vfio: Use config not menuconfig for VFIO_NOIOMMU 2021-09-22 11:45:26 +02:00
vhost vhost/vsock: don't check owner in vhost_vsock_stop() while releasing 2022-03-02 11:33:52 +01:00
video video: fbdev: sm712fb: Fix crash in smtcfb_write() 2022-04-20 09:08:23 +02:00
virt
virtio virtio: acknowledge all features before access 2022-03-16 12:57:09 +01:00
vlynq
vme
w1 w1: w1_therm: fixes w1_seq for ds28ea00 sensors 2022-04-20 09:08:28 +02:00
watchdog ar7: fix kernel builds for compiler test 2021-11-26 11:40:35 +01:00
xen xen/gnttab: fix gnttab_end_foreign_access() without page specified 2022-03-11 10:13:33 +01:00
zorro
Kconfig
Makefile