Patch "staging: vt6656: [BUG] out of bound array reference in RFbSetPower." has been added to the 3.4-stable tree

Mon, 14 Jan 2013 11:06:27 -0800 

This is a note to let you know that I've just added the patch titled

    staging: vt6656: [BUG] out of bound array reference in RFbSetPower.

to the 3.4-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     staging-vt6656-out-of-bound-array-reference-in-rfbsetpower.patch
and it can be found in the queue-3.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.


>From ab1dd9963137a1e122004d5378a581bf16ae9bc8 Mon Sep 17 00:00:00 2001
From: Malcolm Priestley <[email protected]>
Date: Sun, 7 Oct 2012 08:27:00 +0100
Subject: staging: vt6656: [BUG] out of bound array reference in RFbSetPower.

From: Malcolm Priestley <[email protected]>

commit ab1dd9963137a1e122004d5378a581bf16ae9bc8 upstream.

Calling RFbSetPower with uCH zero value will cause out of bound array reference.

This causes 64 bit kernels to oops on boot.

Note: Driver does not function on 64 bit kernels and should be
blacklisted on them.

Signed-off-by: Malcolm Priestley <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
 drivers/staging/vt6656/rf.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/staging/vt6656/rf.c
+++ b/drivers/staging/vt6656/rf.c
@@ -769,6 +769,9 @@ BYTE    byPwr = pDevice->byCCKPwr;
         return TRUE;
     }
 
+       if (uCH == 0)
+               return -EINVAL;
+
     switch (uRATE) {
     case RATE_1M:
     case RATE_2M:


Patches currently in stable-queue which might be from [email protected] are

queue-3.4/staging-vt6656-64bit-fixes-vcommandtimerwait-change-calculation-of-timer.patch
queue-3.4/staging-vt6656-out-of-bound-array-reference-in-rfbsetpower.patch
queue-3.4/staging-vt6656-64-bit-fixes-correct-all-type-sizes.patch
queue-3.4/staging-vt6656-64bit-fixes-key.c-h-change-unsigned-long-to-u32.patch
queue-3.4/staging-vt6656-64-bit-fixes-fix-long-warning-messages.patch
queue-3.4/staging-vt6656-64-bit-fixes-use-u32-for-qword-definition.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to