summaryrefslogtreecommitdiffstats
path: root/Documentation
diff options
context:
space:
mode:
authorXi Wang <xi.wang@gmail.com>2011-11-25 16:46:51 -0500
committerGreg Kroah-Hartman <gregkh@suse.de>2011-11-28 04:38:45 +0900
commitdfd8ee92a9192d78aa38cf8699df3630a7c88c85 (patch)
tree6d567e20e8bc4d185e402636d3a5b2ae84355114 /Documentation
parent06b446c8af5db5a98b2eaa30b513c79089ed254b (diff)
Staging: comedi: fix integer overflow in do_insnlist_ioctl()
There is a potential integer overflow in do_insnlist_ioctl() if userspace passes in a large insnlist.n_insns. The call to kmalloc() would allocate a small buffer, leading to a memory corruption. The bug was reported by Dan Carpenter <dan.carpenter@oracle.com> and Haogang Chen <haogangchen@gmail.com>. The patch was suggested by Ian Abbott <abbotti@mev.co.uk> and Lars-Peter Clausen <lars@metafoo.de>. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Reported-by: Haogang Chen <haogangchen@gmail.com>. Cc: Ian Abbott <abbotti@mev.co.uk> Cc: Lars-Peter Clausen <lars@metafoo.de> Signed-off-by: Xi Wang <xi.wang@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'Documentation')
0 files changed, 0 insertions, 0 deletions