On Thu, Dec 01, 2022 at 01:21:41PM +0100, Szymon Heidrich wrote: > Setup function uvc_function_setup permits control transfer > requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE), > data stage handler for OUT transfer uses memcpy to copy req->actual > bytes to uvc_event->data.data array of size 60. This may result > in an overflow of 4 bytes. > > Signed-off-by: Szymon Heidrich <szymon.heidrich@xxxxxxxxx> > --- > drivers/usb/gadget/function/f_uvc.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) What commit id does this fix? Is it needed for stable kernels? thanks, greg k-h
