On Wednesday 10 June 2009 15:53:57 Mauro Carvalho Chehab wrote: > Em Wed, 10 Jun 2009 10:52:28 -0300 > > Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxx> escreveu: > > Em Mon, 25 May 2009 11:16:34 -0300 > > > > Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxx> escreveu: > > > Em Mon, 25 May 2009 13:17:02 +0200 > > > > > > Laurent Pinchart <laurent.pinchart@xxxxxxxxx> escreveu: > > > > Hi everybody, > > > > > > > > Márton Németh found an integer overflow bug in the extended control > > > > ioctl handling code. This affects both video_usercopy and > > > > video_ioctl2. See http://bugzilla.kernel.org/show_bug.cgi?id=13357 > > > > for a detailed description of the problem. > > > > > > > > > > > > Restricting v4l2_ext_controls::count to values smaller than > > > > KMALLOC_MAX_SIZE / sizeof(struct v4l2_ext_control) should be enough, > > > > but we might want to restrict the value even further. I'd like > > > > opinions on this. > > > > > > Seems fine to my eyes, but being so close to kmalloc size doesn't seem > > > to be a good idea. It seems better to choose an arbitrary size big > > > enough to handle all current needs. > > > > I'll apply the current version, but I still think we should restrict it > > to a lower value. > > Hmm... SOB is missing. Márton and Laurent, could you please sign it Signed-off-by: Laurent Pinchart <laurent.pinchart@xxxxxxxxx> Cheers, Laurent Pinchart -- To unsubscribe from this list: send the line "unsubscribe linux-media" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
