Em Wed, 10 Jun 2009 10:52:28 -0300 Mauro Carvalho Chehab <mche...@infradead.org> escreveu:
> Em Mon, 25 May 2009 11:16:34 -0300 > Mauro Carvalho Chehab <mche...@infradead.org> escreveu: > > > Em Mon, 25 May 2009 13:17:02 +0200 > > Laurent Pinchart <laurent.pinch...@skynet.be> escreveu: > > > > > Hi everybody, > > > > > > Márton Németh found an integer overflow bug in the extended control ioctl > > > handling code. This affects both video_usercopy and video_ioctl2. See > > > http://bugzilla.kernel.org/show_bug.cgi?id=13357 for a detailed > > > description of > > > the problem. > > > > > > > > Restricting v4l2_ext_controls::count to values smaller than > > > KMALLOC_MAX_SIZE / > > > sizeof(struct v4l2_ext_control) should be enough, but we might want to > > > restrict the value even further. I'd like opinions on this. > > > > Seems fine to my eyes, but being so close to kmalloc size doesn't seem to > > be a > > good idea. It seems better to choose an arbitrary size big enough to handle > > all current needs. > > I'll apply the current version, but I still think we should restrict it to a > lower value. Hmm... SOB is missing. Márton and Laurent, could you please sign it Cheers, Mauro -- To unsubscribe from this list: send the line "unsubscribe linux-media" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
