The patch titled
cpia.c: buffer overflow
has been removed from the -mm tree. Its filename was
cpiac-buffer-overflow.patch
This patch was dropped because it was merged into mainline or a subsystem tree
------------------------------------------------------
Subject: cpia.c: buffer overflow
From: Alexey Dobriyan <[EMAIL PROTECTED]>
If assigned minor is 10 or greater, terminator will be put beyound the end.
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
Cc: Mauro Carvalho Chehab <[EMAIL PROTECTED]>
Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
---
drivers/media/video/cpia.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff -puN drivers/media/video/cpia.c~cpiac-buffer-overflow
drivers/media/video/cpia.c
--- a/drivers/media/video/cpia.c~cpiac-buffer-overflow
+++ a/drivers/media/video/cpia.c
@@ -1350,13 +1350,13 @@ out:
static void create_proc_cpia_cam(struct cam_data *cam)
{
- char name[7];
+ char name[5 + 1 + 10 + 1];
struct proc_dir_entry *ent;
if (!cpia_proc_root || !cam)
return;
- sprintf(name, "video%d", cam->vdev.minor);
+ snprintf(name, sizeof(name), "video%d", cam->vdev.minor);
ent = create_proc_entry(name, S_IFREG|S_IRUGO|S_IWUSR, cpia_proc_root);
if (!ent)
@@ -1376,12 +1376,12 @@ static void create_proc_cpia_cam(struct
static void destroy_proc_cpia_cam(struct cam_data *cam)
{
- char name[7];
+ char name[5 + 1 + 10 + 1];
if (!cam || !cam->proc_entry)
return;
- sprintf(name, "video%d", cam->vdev.minor);
+ snprintf(name, sizeof(name), "video%d", cam->vdev.minor);
remove_proc_entry(name, cpia_proc_root);
cam->proc_entry = NULL;
}
_
Patches currently in -mm which might be from [EMAIL PROTECTED] are
git-dvb.patch
git-mtd.patch
megaraid-fix-warnings-when-config_proc_fs=n.patch
proc-remove-useless-and-buggy-nlink-settings.patch
-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
