iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers/staging
History
Dan Carpenter e384a41141 Staging: comedi: integer overflow in do_insnlist_ioctl() 
There is an integer overflow here that could cause memory corruption
on 32 bit systems.

insnlist.n_insns could be a very high value size calculation for
kmalloc() could overflow resulting in a smaller "insns" than
expected.  In the for (i = 0; i < insnlist.n_insns; i++) {... loop
we would read past the end of the buffer, possibly corrupting memory
as well.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-11-26 18:34:15 -08:00
..
asus_oled
bcm
Staging: bcm: Fix three initialization errors in InterfaceDld.c
2011-10-23 10:16:34 +02:00
comedi
Staging: comedi: integer overflow in do_insnlist_ioctl()
2011-11-26 18:34:15 -08:00
cptm1217
crystalhd
staging: crystalhd/bc_dts_types.h: typedef cleanup
2011-09-16 20:12:56 +02:00
cxt1e1
staging: Add module.h to more drivers implicitly using it.
2011-10-31 19:32:10 -04:00
echo
drivers: staging: echo: Fix coding style issues.
2011-07-05 20:37:37 -07:00
et131x
staging: fix more ET131X build errors
2011-11-18 15:00:54 -08:00
frontier
ft1000
staging: ft1000: dont cast void* from kmalloc()
2011-08-23 15:22:57 -07:00
gma500
staging: Add module.h to more drivers implicitly using it.
2011-10-31 19:32:10 -04:00
hv
Merge branch 'x86-hyperv-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2011-10-28 05:08:40 -07:00
iio
iio: fix a leak due to improper use of anon_inode_getfd()
2011-11-21 17:25:37 -05:00
intel_sst
staging: Add module.h to more drivers implicitly using it.
2011-10-31 19:32:10 -04:00
keucr
Staging: keucr: fix comments, braces, whitespaces coding style issue in tm6000.h
2011-08-23 14:38:45 -07:00
line6
staging: Add export.h for THIS_MODULE/EXPORT_SYMBOL to drivers/staging users.
2011-10-31 19:32:08 -04:00
media
media/staging: fix allyesconfig build error
2011-11-17 10:29:02 -02:00
mei
staging: mei: clean the TODO file from done tasks.
2011-10-17 15:46:48 -07:00
nvec
staging/nvec: fix compilation error in nvec.c
2011-10-17 15:24:11 -07:00
octeon
STAGING: octeon-ethernet: Fix compile error caused by skb_frag_struct change
2011-11-09 17:14:27 +00:00
olpc_dcon
staging: Add module.h to drivers/staging users
2011-08-25 17:01:20 -07:00
panel
staging: panel: Fixed checkpatch warning about simple_strtoul()
2011-09-06 16:49:29 -07:00
phison
pohmelfs
filesystems: add set_nlink()
2011-11-02 12:53:43 +01:00
quatech_usb2
staging: quatech_usb2: Potential lost wakeup scenario in TIOCMIWAIT
2011-09-19 10:46:18 -07:00
quickstart
rtl8187se
Merge branch 'staging-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
2011-10-26 15:39:02 +02:00
rtl8192e
Staging: rtl8192e: off by one in rtl8192_get_channel_map()
2011-09-26 17:26:03 -07:00
rtl8192u
Merge branch 'staging-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
2011-10-26 15:39:02 +02:00
rtl8712
staging: r8712u: Fix possible out-of-bounds index with TKIP and AES keys
2011-10-11 10:02:49 -06:00
rts5139
staging: Add export.h for THIS_MODULE/EXPORT_SYMBOL to drivers/staging users.
2011-10-31 19:32:08 -04:00
rts_pstor
staging:rts_pstor:Complete scanning_done variable
2011-11-26 17:37:39 -08:00
sbe-2t3e3
sep
staging: sep: call to sep_ioctl() may leave driver in unusable state
2011-09-06 16:49:29 -07:00
serial
TTY: serial, move 68360 driver to staging
2011-09-22 16:00:20 -07:00
serqt_usb2
staging: serqt_usb2: remove ssu100 from supported devices
2011-08-29 11:20:11 -07:00
slicoss
staging: slicoss depends on NET
2011-11-18 15:00:48 -08:00
sm7xx
staging: Add module.h to drivers/staging users
2011-08-25 17:01:20 -07:00
speakup
drivers/staging/speakup/devsynth.c: fix "buffer size is not provably correct" error
2011-08-02 16:09:46 -07:00
spectra
Merge git://git.infradead.org/mtd-2.6
2011-11-07 09:11:16 -08:00
ste_rmi4
staging: Add module.h to drivers/staging users
2011-08-25 17:01:20 -07:00
tidspbridge
staging: tidspbridge: MMU2 registers are limited to 32-bit data access
2011-10-19 13:42:49 -07:00
usbip
staging: usbip: bugfix for deadlock
2011-11-26 17:37:38 -08:00
vme
staging: vme_user: rename USER_BUS_MAX to VME_USER_BUS_MAX
2011-10-17 15:43:13 -07:00
vt6655
Merge branch 'staging-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
2011-10-26 15:39:02 +02:00
vt6656
Merge branch 'staging-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
2011-10-26 15:39:02 +02:00
winbond
staging: Add module.h to more drivers implicitly using it.
2011-10-31 19:32:10 -04:00
wlags49_h2
staging: Add module.h to more drivers implicitly using it.
2011-10-31 19:32:10 -04:00
wlags49_h25
Staging: wlags49_h25: Makefile: remove unneeded stuff
2011-10-18 13:36:04 -07:00
wlan-ng
net: remove use of ndo_set_multicast_list in drivers
2011-08-17 20:22:03 -07:00
xgifb
Merge branch 'fbdev-next' of git://github.com/schandinat/linux-2.6
2011-10-30 15:30:01 -07:00
zcache
Merge branch 'staging-next' into Linux 3.1
2011-10-25 09:18:11 +02:00
zram
Merge branch 'for-3.2/core' of git://git.kernel.dk/linux-block
2011-11-04 17:06:58 -07:00
Kconfig
staging: Move media drivers to staging/media
2011-11-03 07:59:03 -02:00
Makefile
staging: Move media drivers to staging/media
2011-11-03 07:59:03 -02:00
staging.c