Re: [RFC,PATCH] VIDIOC_G_EXT_CTRLS does not handle NULL pointer correctly

Hi Mauro, On Wednesday 10 June 2009 23:58:31 Laurent Pinchart wrote: On Wednesday 10 June 2009 15:53:57 Mauro Carvalho Chehab wrote: Em Wed, 10 Jun 2009 10:52:28 -0300 Mauro Carvalho Chehab mche...@infradead.org escreveu: Em Mon, 25 May 2009 11:16:34 -0300 Mauro Carvalho Chehab

Re: [RFC,PATCH] VIDIOC_G_EXT_CTRLS does not handle NULL pointer correctly

Laurent Pinchart wrote: Hi Mauro, On Wednesday 10 June 2009 23:58:31 Laurent Pinchart wrote: On Wednesday 10 June 2009 15:53:57 Mauro Carvalho Chehab wrote: Em Wed, 10 Jun 2009 10:52:28 -0300 Mauro Carvalho Chehab mche...@infradead.org escreveu: Em Mon, 25 May 2009 11:16:34 -0300 Mauro

Re: [RFC,PATCH] VIDIOC_G_EXT_CTRLS does not handle NULL pointer correctly

Em Mon, 25 May 2009 11:16:34 -0300 Mauro Carvalho Chehab mche...@infradead.org escreveu: Em Mon, 25 May 2009 13:17:02 +0200 Laurent Pinchart laurent.pinch...@skynet.be escreveu: Hi everybody, Márton Németh found an integer overflow bug in the extended control ioctl handling code.

Re: [RFC,PATCH] VIDIOC_G_EXT_CTRLS does not handle NULL pointer correctly

Em Wed, 10 Jun 2009 10:52:28 -0300 Mauro Carvalho Chehab mche...@infradead.org escreveu: Em Mon, 25 May 2009 11:16:34 -0300 Mauro Carvalho Chehab mche...@infradead.org escreveu: Em Mon, 25 May 2009 13:17:02 +0200 Laurent Pinchart laurent.pinch...@skynet.be escreveu: Hi everybody,

Re: [RFC,PATCH] VIDIOC_G_EXT_CTRLS does not handle NULL pointer correctly

Mauro Carvalho Chehab wrote: Em Wed, 10 Jun 2009 10:52:28 -0300 Mauro Carvalho Chehab mche...@infradead.org escreveu: Em Mon, 25 May 2009 11:16:34 -0300 Mauro Carvalho Chehab mche...@infradead.org escreveu: Em Mon, 25 May 2009 13:17:02 +0200 Laurent Pinchart laurent.pinch...@skynet.be

Re: [RFC,PATCH] VIDIOC_G_EXT_CTRLS does not handle NULL pointer correctly

On Wednesday 10 June 2009 15:53:57 Mauro Carvalho Chehab wrote: Em Wed, 10 Jun 2009 10:52:28 -0300 Mauro Carvalho Chehab mche...@infradead.org escreveu: Em Mon, 25 May 2009 11:16:34 -0300 Mauro Carvalho Chehab mche...@infradead.org escreveu: Em Mon, 25 May 2009 13:17:02 +0200

Re: [RFC,PATCH] VIDIOC_G_EXT_CTRLS does not handle NULL pointer correctly

Laurent Pinchart worte: Could a very large number of control requests be used as a DoS attack vector ? A userspace application could kmalloc large amounts of memory without any restriction. Memory would be reclaimed eventually, but after performing a large number of USB requests, which

Re: [RFC,PATCH] VIDIOC_G_EXT_CTRLS does not handle NULL pointer correctly

On Monday 25 May 2009 21:22:06 Trent Piepho wrote: On Mon, 25 May 2009, Laurent Pinchart wrote: diff -r e0d881b21bc9 linux/drivers/media/video/v4l2-ioctl.c --- a/linux/drivers/media/video/v4l2-ioctl.cTue May 19 15:12:17 2009 +0200 +++ b/linux/drivers/media/video/v4l2-ioctl.c Sun

Re: [RFC, PATCH] VIDIOC_G_EXT_CTRLS does not handle NULL pointer correctly

On Monday 25 May 2009 21:22:06 Trent Piepho wrote: On Mon, 25 May 2009, Laurent Pinchart wrote: diff -r e0d881b21bc9 linux/drivers/media/video/v4l2-ioctl.c --- a/linux/drivers/media/video/v4l2-ioctl.c Tue May 19 15:12:17 2009 +0200 +++ b/linux/drivers/media/video/v4l2-ioctl.c Sun

Re: [RFC,PATCH] VIDIOC_G_EXT_CTRLS does not handle NULL pointer correctly

Em Mon, 25 May 2009 13:17:02 +0200 Laurent Pinchart laurent.pinch...@skynet.be escreveu: Hi everybody, Márton Németh found an integer overflow bug in the extended control ioctl handling code. This affects both video_usercopy and video_ioctl2. See

Re: [RFC,PATCH] VIDIOC_G_EXT_CTRLS does not handle NULL pointer correctly

On Mon, 25 May 2009, Laurent Pinchart wrote: diff -r e0d881b21bc9 linux/drivers/media/video/v4l2-ioctl.c --- a/linux/drivers/media/video/v4l2-ioctl.c Tue May 19 15:12:17 2009 +0200 +++ b/linux/drivers/media/video/v4l2-ioctl.c Sun May 24 18:26:29 2009 +0200 @@ -402,6 +402,10 @@