The patch titled
cpia.c: buffer overflow
has been added to the -mm tree. Its filename is
cpiac-buffer-overflow.patch
See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this
------------------------------------------------------
Subject: cpia.c: buffer overflow
From: Alexey Dobriyan <adobriyan@xxxxxxxxx>
If assigned minor is 10 or greater, terminator will be put beyound the end.
Signed-off-by: Alexey Dobriyan <adobriyan@xxxxxxxxx>
Cc: Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---
drivers/media/video/cpia.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff -puN drivers/media/video/cpia.c~cpiac-buffer-overflow drivers/media/video/cpia.c
--- a/drivers/media/video/cpia.c~cpiac-buffer-overflow
+++ a/drivers/media/video/cpia.c
@@ -1350,13 +1350,13 @@ out:
static void create_proc_cpia_cam(struct cam_data *cam)
{
- char name[7];
+ char name[5 + 1 + 10 + 1];
struct proc_dir_entry *ent;
if (!cpia_proc_root || !cam)
return;
- sprintf(name, "video%d", cam->vdev.minor);
+ snprintf(name, sizeof(name), "video%d", cam->vdev.minor);
ent = create_proc_entry(name, S_IFREG|S_IRUGO|S_IWUSR, cpia_proc_root);
if (!ent)
@@ -1376,12 +1376,12 @@ static void create_proc_cpia_cam(struct
static void destroy_proc_cpia_cam(struct cam_data *cam)
{
- char name[7];
+ char name[5 + 1 + 10 + 1];
if (!cam || !cam->proc_entry)
return;
- sprintf(name, "video%d", cam->vdev.minor);
+ snprintf(name, sizeof(name), "video%d", cam->vdev.minor);
remove_proc_entry(name, cpia_proc_root);
cam->proc_entry = NULL;
}
_
Patches currently in -mm which might be from adobriyan@xxxxxxxxx are
git-dvb.patch
cpiac-buffer-overflow.patch
git-mtd.patch
megaraid-fix-warnings-when-config_proc_fs=n.patch
proc-remove-useless-and-buggy-nlink-settings.patch
-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
