summaryrefslogtreecommitdiffstats
path: root/drivers/media/video/cafe_ccic.c
diff options
context:
space:
mode:
authorPete Eberlein <pete@sensoray.com>2010-09-23 14:43:41 -0300
committerMauro Carvalho Chehab <mchehab@redhat.com>2010-10-21 01:17:03 -0200
commita716e9d75f04ff71fb5e391a7a189b6f1b032bbc (patch)
tree7268fc4aba94503801ab6f322cf9f52aff854aa4 /drivers/media/video/cafe_ccic.c
parent94d4350c544066d590eee93582220128e8be8b1c (diff)
[media] go7007: MJPEG buffer overflow
The go7007 driver has a potential buffer overflow and pointer corruption bug which causes a crash while capturing MJPEG. The motion detection (MODET) active_map array can be overflowed by JPEG frame data that emulates a MODET start code. The active_map overflow overwrites the active_buf pointer, causing a crash. The JPEG data that emulated MODET start code was being removed from the output, resulting in garbled JPEG frames. Therefore ignore MODET start codes when MODET is not enabled. Signed-off-by: Pete Eberlein <pete@sensoray.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Diffstat (limited to 'drivers/media/video/cafe_ccic.c')
0 files changed, 0 insertions, 0 deletions