Re: usb/media/uvc: slab-out-of-bounds in uvc_probe

On Thu, Nov 9, 2017 at 2:35 AM, wrote: > Hi, > > Could you try this untested patch. > > Anson Hi! This patch doesn't compile. drivers/media/usb/uvc/uvc_driver.c: In function ‘uvc_parse_standard_control’: drivers/media/usb/uvc/uvcvideo.h:29:43: error: invalid type

usb/media/uvc: slab-out-of-bounds in uvc_probe

Hi! I've got the following report while fuzzing the kernel with syzkaller. On commit 39dae59d66acd86d1de24294bd2f343fd5e7a625 (4.14-rc8). It seems that type == UVC_ITT_CAMERA | 0x8000, that's why the (type == UVC_ITT_CAMERA) check fails and (UVC_ENTITY_TYPE(term) == UVC_ITT_CAMERA) passes, so