Re: [PATCH] Staging: dream, fix buf overflow
From: Pavel Machek
Date: Sat Aug 08 2009 - 05:53:03 EST
On Sat 2009-08-08 11:33:58, Jiri Slaby wrote:
> Not even compile-tested. I don't have an arm toolchain.
> --
>
> In vfe_send_msg_no_payload there is a wrong struct vfe_message allocation.
> It allocates only sizeof(pointer to vfe_message) for a whole structure.
> Add a dereference to the sizeof to allocate sizeof(vfe_message).
>
> Signed-off-by: Jiri Slaby <jirislaby@xxxxxxxxx>
Acked-by: Pavel Machek <pavel@xxxxxx>
(Google, you may want to fix this in your code, too.)
> ---
> drivers/staging/dream/camera/msm_vfe8x_proc.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/staging/dream/camera/msm_vfe8x_proc.c b/drivers/staging/dream/camera/msm_vfe8x_proc.c
> index bb65013..5436f71 100644
> --- a/drivers/staging/dream/camera/msm_vfe8x_proc.c
> +++ b/drivers/staging/dream/camera/msm_vfe8x_proc.c
> @@ -818,7 +818,7 @@ static void vfe_send_msg_no_payload(enum VFE_MESSAGE_ID id)
> {
> struct vfe_message *msg;
>
> - msg = kzalloc(sizeof(msg), GFP_ATOMIC);
> + msg = kzalloc(sizeof(*msg), GFP_ATOMIC);
> if (!msg)
> return;
>
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/