Mauro Carvalho Chehab wrote: > Em Wed, 10 Jun 2009 10:52:28 -0300 > Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxx> escreveu: > >> Em Mon, 25 May 2009 11:16:34 -0300 >> Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxx> escreveu: >> >>> Em Mon, 25 May 2009 13:17:02 +0200 >>> Laurent Pinchart <laurent.pinchart@xxxxxxxxx> escreveu: >>> >>>> Hi everybody, >>>> >>>> Márton Németh found an integer overflow bug in the extended control ioctl >>>> handling code. This affects both video_usercopy and video_ioctl2. See >>>> http://bugzilla.kernel.org/show_bug.cgi?id=13357 for a detailed description of >>>> the problem. >>>> >>>> Restricting v4l2_ext_controls::count to values smaller than KMALLOC_MAX_SIZE / >>>> sizeof(struct v4l2_ext_control) should be enough, but we might want to >>>> restrict the value even further. I'd like opinions on this. >>> Seems fine to my eyes, but being so close to kmalloc size doesn't seem to be a >>> good idea. It seems better to choose an arbitrary size big enough to handle all current needs. >> I'll apply the current version, but I still think we should restrict it to a lower value. > > > Hmm... SOB is missing. Márton and Laurent, could you please sign it As I wrote at http://bugzilla.kernel.org/show_bug.cgi?id=13357#c6 : Tested-by: Márton Németh <nm127@xxxxxxxxxxx> Regards, Márton Németh -- To unsubscribe from this list: send the line "unsubscribe linux-media" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html