Yang Xiao <92siuyang@xxxxxxxxx> writes:

> If given malicious descriptors that specify 0 for the number of endpoints,
> then there is a null pointer dereference when calling function
> usb_endpoint_is_bulk_in.
>
> for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {

Try this:

#include <stdio.h>

int main()
{
	int i;

	/* upper bound of 0, as with bNumEndpoints == 0 */
	for (i=0; i<0; ++i)
		printf("%d\n", i);
	return 0;
}

How many lines did it print?


Bjørn