The patch titled ivtv: read buffer overflow has been removed from the -mm tree. Its filename was ivtv-read-buffer-overflow.patch This patch was dropped because it was merged into mainline or a subsystem tree The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/ ------------------------------------------------------ Subject: ivtv: read buffer overflow From: Roel Kluin <roel.kluin@xxxxxxxxx> This mistakenly tests against sizeof(freqs) instead of the array size. Due to the mask the only illegal value possible was 3. Signed-off-by: Roel Kluin <roel.kluin@xxxxxxxxx> Cc: Hans Verkuil <hverkuil@xxxxxxxxx> Cc: Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- drivers/media/video/ivtv/ivtv-controls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff -puN drivers/media/video/ivtv/ivtv-controls.c~ivtv-read-buffer-overflow drivers/media/video/ivtv/ivtv-controls.c --- a/drivers/media/video/ivtv/ivtv-controls.c~ivtv-read-buffer-overflow +++ a/drivers/media/video/ivtv/ivtv-controls.c @@ -17,6 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#include <linux/kernel.h> #include "ivtv-driver.h" #include "ivtv-cards.h" @@ -281,7 +282,7 @@ int ivtv_s_ext_ctrls(struct file *file, idx = p.audio_properties & 0x03; /* The audio clock of the digitizer must match the codec sample rate otherwise you get some very strange effects. */ - if (idx < sizeof(freqs)) + if (idx < ARRAY_SIZE(freqs)) ivtv_call_all(itv, audio, s_clock_freq, freqs[idx]); return err; } _ Patches currently in -mm which might be from roel.kluin@xxxxxxxxx are linux-next.patch x86-fix-buffer-overflow-in-efi_init.patch s3c-fix-check-of-index-into-s3c_gpios.patch stmp3xxx-deallocation-with-negative-index-of-descriptors.patch dm-strncpy-does-not-null-terminate-string.patch powerpc-sky-cpu-redundant-or-incorrect-tests-on-unsigned.patch powerpc-fsl-booke-read-buffer-overflow.patch media-strncpy-does-not-null-terminate-string.patch siano-read-buffer-overflow.patch drivers-media-video-bw-qcamc-fix-read-buffer-overflow.patch stk-webcam-read-buffer-overflow.patch hid-fix-read-buffer-overflow.patch ipath-strncpy-does-not-null-terminate-string.patch mips-decrease-size-of-au1xxx_dbdma_pm_regs.patch mips-read-buffer-overflow.patch slram-read-buffer-overflow.patch slram-read-buffer-overflow-cleanup.patch mtd-fix-read-buffer-overflow.patch irda-fix-read-buffer-overflow.patch atlx-strncpy-does-not-null-terminate-string.patch ext4-remove-redundant-test-on-unsigned.patch ocfs2-keep-index-within-status_map.patch cyclades-read-buffer-overflow.patch drivers-scsi-fnic-fnic_scsic-clean-up.patch ibmmca-buffer-overflow.patch scsi-eata-fix-buffer-overflow.patch drivers-scsi-gdthc-fix-buffer-overflow.patch drivers-scsi-iprh-fix-buffer-overflow.patch drivers-scsi-u14-34fc-fix-uffer-overflow.patch i915-fix-read-outside-array-bounds.patch frv-duplicate-output_buffer-of-e03.patch frv-duplicate-output_buffer-of-e03-checkpatch-fixes.patch arch-alpha-boot-tools-objstripc-wrong-variable-tested-after-open.patch m32r-remove-redundant-tests-on-unsigned.patch m68k-count-can-reach-51-not-50.patch m68k-cnt-reaches-1-not-0.patch dme1737-keep-index-within-pwm_config.patch ncpfs-read-buffer-overflow.patch smbfs-read-buffer-overflow.patch platinumfb-misplaced-parenthesis.patch sisfb-read-buffer-overflow.patch drivers-video-console-newport_conc-fix-read-outside-array-bounds.patch adfs-remove-redundant-test-on-unsigned.patch -- To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html