mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-09 10:09:11 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers/media/v4l2-core
History
Sakari Ailus 5400770e31 media: v4l: ioctl: Fix memory leak in video_usercopy 
commit fb18802a33 upstream.

When an IOCTL with argument size larger than 128 that also used array
arguments were handled, two memory allocations were made but alas, only
the latter one of them was released. This happened because there was only
a single local variable to hold such a temporary allocation.

Fix this by adding separate variables to hold the pointers to the
temporary allocations.

Reported-by: Arnd Bergmann <arnd@kernel.org>
Reported-by: syzbot+1115e79c8df6472c612b@syzkaller.appspotmail.com
Fixes: d14e6d76eb ("[media] v4l: Add multi-planar ioctl handling code")
Cc: stable@vger.kernel.org
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-03-07 12:34:16 +01:00
..
Kconfig media: v4l2-core: Add helpers to build the H264 P/B0/B1 reflists 2020-04-21 13:46:40 +02:00
Makefile media: v4l2-core: Add helpers to build the H264 P/B0/B1 reflists 2020-04-21 13:46:40 +02:00
tuner-core.c
v4l2-async.c media: v4l2-async: Log message in case of heterogeneous fwnode match 2020-07-19 14:17:16 +02:00
v4l2-clk.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
v4l2-common.c mm: don't include asm/pgtable.h if linux/mm.h is already included 2020-06-09 09:39:13 -07:00
v4l2-compat-ioctl32.c media: media/v4l2: remove V4L2_FLAG_MEMORY_NON_CONSISTENT flag 2020-09-14 15:28:06 +02:00
v4l2-ctrls.c media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate 2021-03-07 12:34:05 +01:00
v4l2-dev.c media: v4l2-dev/ioctl: Add V4L2_CAP_IO_MC 2020-05-06 12:08:25 +02:00
v4l2-device.c media: v4l2-dev: Add v4l2_device_register_ro_subdev_node() 2020-05-12 17:04:07 +02:00
v4l2-dv-timings.c media: v4l2-dv-timings: Use DIV_ROUND_CLOSEST directly to make it readable 2019-11-05 08:49:22 -03:00
v4l2-event.c media: v4l2-core: fix VIDIOC_DQEVENT for time64 ABI 2020-01-03 15:47:57 +01:00
v4l2-fh.c
v4l2-flash-led-class.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
v4l2-fwnode.c media: v4l2-fwnode: Return -EINVAL for invalid bus-type 2020-12-30 11:53:11 +01:00
v4l2-h264.c media: uapi: h264: Clean slice invariants syntax elements 2020-09-01 14:13:28 +02:00
v4l2-i2c.c media: v4l2-core: v4l2-i2c: convert to new API with ERRPTR 2020-02-24 15:21:52 +01:00
v4l2-ioctl.c media: v4l: ioctl: Fix memory leak in video_usercopy 2021-03-07 12:34:16 +01:00
v4l2-jpeg.c media: add v4l2 JPEG helpers 2020-04-14 11:47:47 +02:00
v4l2-mc.c media: v4l2-mc: add v4l2_create_fwnode_links helpers 2020-05-18 11:14:05 +02:00
v4l2-mem2mem.c media: v4l2-mem2mem: Fix spurious v4l2_m2m_buf_done 2020-10-08 09:08:53 +02:00
v4l2-spi.c v4l2-core: fix coding style for the two new c files 2019-08-26 11:01:25 -03:00
v4l2-subdev.c media: v4l2-subdev: Introduce [get|set]_mbus_config pad ops 2020-08-18 15:34:22 +02:00
v4l2-trace.c
videobuf-core.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
videobuf-dma-contig.c mmap locking API: use coccinelle to convert mmap_sem rwsem call sites 2020-06-09 09:39:14 -07:00
videobuf-dma-sg.c media: videobuf-dma-sg: number of pages should be unsigned long 2020-09-03 11:12:20 +02:00
videobuf-vmalloc.c mm: reorder includes after introduction of linux/pgtable.h 2020-06-09 09:39:13 -07:00