Message ID | 20140422125726.GA30238@mwanda (mailing list archive) |
---|---|
State | Superseded, archived |
Headers |
Received: from mail.tu-berlin.de ([130.149.7.33]) by www.linuxtv.org with esmtp (Exim 4.72) (envelope-from <linux-media-owner@vger.kernel.org>) id 1WcaHQ-0007jW-Iv; Tue, 22 Apr 2014 14:58:32 +0200 X-tubIT-Incoming-IP: 209.132.180.67 Received: from vger.kernel.org ([209.132.180.67]) by mail.tu-berlin.de (exim-4.72/mailfrontend-8) with esmtp id 1WcaHN-00062N-lx; Tue, 22 Apr 2014 14:58:32 +0200 Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751543AbaDVM6N (ORCPT <rfc822;mkrufky@linuxtv.org> + 1 other); Tue, 22 Apr 2014 08:58:13 -0400 Received: from aserp1040.oracle.com ([141.146.126.69]:41221 "EHLO aserp1040.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751134AbaDVM6L (ORCPT <rfc822;linux-media@vger.kernel.org>); Tue, 22 Apr 2014 08:58:11 -0400 Received: from ucsinet22.oracle.com (ucsinet22.oracle.com [156.151.31.94]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id s3MCvgtn011014 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 22 Apr 2014 12:57:42 GMT Received: from aserz7022.oracle.com (aserz7022.oracle.com [141.146.126.231]) by ucsinet22.oracle.com (8.14.5+Sun/8.14.5) with ESMTP id s3MCvd4H027410 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 22 Apr 2014 12:57:40 GMT Received: from abhmp0017.oracle.com (abhmp0017.oracle.com [141.146.116.23]) by aserz7022.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s3MCvd4G003946; Tue, 22 Apr 2014 12:57:39 GMT Received: from mwanda (/41.202.240.5) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 22 Apr 2014 05:57:38 -0700 Date: Tue, 22 Apr 2014 15:57:26 +0300 From: Dan Carpenter <dan.carpenter@oracle.com> To: hans.verkuil@cisco.com, m.chehab@samsung.com, ext-eero.nurkkala@nokia.com, nils.faerber@kernelconcepts.de, joni.lapilainen@gmail.com, freemangordon@abv.bg, sre@ring0.de, pali.rohar@gmail.com, Greg KH <greg@kroah.com>, trivial@kernel.org, linux-media@vger.kernel.org Cc: kernel list <linux-kernel@vger.kernel.org> Subject: [PATCH v2] radio-bcm2048.c: fix wrong overflow check Message-ID: <20140422125726.GA30238@mwanda> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <201404221147.05726@pali> User-Agent: Mutt/1.5.21 (2010-09-15) X-Source-IP: ucsinet22.oracle.com [156.151.31.94] Sender: linux-media-owner@vger.kernel.org Precedence: bulk List-ID: <linux-media.vger.kernel.org> X-Mailing-List: linux-media@vger.kernel.org X-PMX-Version: 6.0.0.2142326, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2014.4.22.125119 X-PMX-Spam: Gauge=IIIIIIIII, Probability=9%, Report=' MULTIPLE_RCPTS 0.1, HTML_00_01 0.05, HTML_00_10 0.05, MSGID_ADDED_BY_MTA 0.05, BODYTEXTP_SIZE_3000_LESS 0, BODY_SIZE_1600_1699 0, BODY_SIZE_2000_LESS 0, BODY_SIZE_5000_LESS 0, BODY_SIZE_7000_LESS 0, INVALID_MSGID_NO_FQDN 0, URI_ENDS_IN_HTML 0, __ANY_URI 0, __CD 0, __CP_URI_IN_BODY 0, __CT 0, __CTE 0, __CT_TEXT_PLAIN 0, __DATE_TZ_RU 0, __FRAUD_BODY_WEBMAIL 0, __FRAUD_WEBMAIL 0, __HAS_FROM 0, __HAS_MSGID 0, __HAS_X_MAILING_LIST 0, __IN_REP_TO 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __MULTIPLE_RCPTS_TO_X5 0, __SANE_MSGID 0, __SUBJ_ALPHA_END 0, __TO_MALFORMED_2 0, __TO_NO_NAME 0, __URI_NO_WWW 0, __URI_NS , __USER_AGENT 0' |
Commit Message
Dan Carpenter
April 22, 2014, 12:57 p.m. UTC
From: Pali Rohár <pali.rohar@gmail.com> This patch fixes an off by one check in bcm2048_set_region(). Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Pali Rohár <pali.rohar@gmail.com> Signed-off-by: Pavel Machek <pavel@ucw.cz> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> --- v2: Send it to the correct list. Re-work the changelog. This patch has been floating around for four months but Pavel and Pali are knuckle-heads and don't know how to use get_maintainer.pl so they never send it to linux-media. Also Pali doesn't give reporter credit and Pavel steals authorship credit. Also when you try explain to them about how to send patches correctly they complain that they have been trying but it is too much work so now I have to do it. During the past four months thousands of other people have been able to send patches in the correct format to the correct list but it is too difficult for Pavel and Pali... *sigh*.
Comments
On Tue, 22 Apr 2014, Dan Carpenter wrote: > From: Pali Rohár <pali.rohar@gmail.com> > > This patch fixes an off by one check in bcm2048_set_region(). > > Reported-by: Dan Carpenter <dan.carpenter@oracle.com> > Signed-off-by: Pali Rohár <pali.rohar@gmail.com> > Signed-off-by: Pavel Machek <pavel@ucw.cz> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > --- > v2: Send it to the correct list. Re-work the changelog. > > This patch has been floating around for four months but Pavel and Pali > are knuckle-heads and don't know how to use get_maintainer.pl so they > never send it to linux-media. > > Also Pali doesn't give reporter credit and Pavel steals authorship > credit. > > Also when you try explain to them about how to send patches correctly > they complain that they have been trying but it is too much work so now > I have to do it. During the past four months thousands of other people > have been able to send patches in the correct format to the correct list > but it is too difficult for Pavel and Pali... *sigh*. Seems like it's not in linux-next as of today, so I am taking it now. Thanks,
On Monday 05 May 2014 15:34:29 Jiri Kosina wrote: > On Tue, 22 Apr 2014, Dan Carpenter wrote: > > From: Pali Rohár <pali.rohar@gmail.com> > > > > This patch fixes an off by one check in > > bcm2048_set_region(). > > > > Reported-by: Dan Carpenter <dan.carpenter@oracle.com> > > Signed-off-by: Pali Rohár <pali.rohar@gmail.com> > > Signed-off-by: Pavel Machek <pavel@ucw.cz> > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > > --- > > v2: Send it to the correct list. Re-work the changelog. > > > > This patch has been floating around for four months but > > Pavel and Pali are knuckle-heads and don't know how to use > > get_maintainer.pl so they never send it to linux-media. > > > > Also Pali doesn't give reporter credit and Pavel steals > > authorship credit. > > > > Also when you try explain to them about how to send patches > > correctly they complain that they have been trying but it > > is too much work so now I have to do it. During the past > > four months thousands of other people have been able to > > send patches in the correct format to the correct list but > > it is too difficult for Pavel and Pali... *sigh*. > > Seems like it's not in linux-next as of today, so I am taking > it now. Thanks, I still do not see this patch in torvalds branch... So what is needed to include this security buffer overflow patch into mainline & stable kernels?
On 05/09/2014 06:10 PM, Pali Rohár wrote: > On Monday 05 May 2014 15:34:29 Jiri Kosina wrote: >> On Tue, 22 Apr 2014, Dan Carpenter wrote: >>> From: Pali Rohár <pali.rohar@gmail.com> >>> >>> This patch fixes an off by one check in >>> bcm2048_set_region(). >>> >>> Reported-by: Dan Carpenter <dan.carpenter@oracle.com> >>> Signed-off-by: Pali Rohár <pali.rohar@gmail.com> >>> Signed-off-by: Pavel Machek <pavel@ucw.cz> >>> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> >>> --- >>> v2: Send it to the correct list. Re-work the changelog. >>> >>> This patch has been floating around for four months but >>> Pavel and Pali are knuckle-heads and don't know how to use >>> get_maintainer.pl so they never send it to linux-media. >>> >>> Also Pali doesn't give reporter credit and Pavel steals >>> authorship credit. >>> >>> Also when you try explain to them about how to send patches >>> correctly they complain that they have been trying but it >>> is too much work so now I have to do it. During the past >>> four months thousands of other people have been able to >>> send patches in the correct format to the correct list but >>> it is too difficult for Pavel and Pali... *sigh*. >> >> Seems like it's not in linux-next as of today, so I am taking >> it now. Thanks, > > I still do not see this patch in torvalds branch... So what is > needed to include this security buffer overflow patch into > mainline & stable kernels? > Today I collected a pile of pending patches including this one and posted a pull request on the linux-media mailinglist. Once Mauro picks it up it will appear in our tree and then linux-next. He's been travelling for the past two weeks, so he'll have a sizable backlog. Just be patient, it's not forgotten. Regards, Hans -- To unsubscribe from this list: send the line "unsubscribe linux-media" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, 9 May 2014, Pali Rohár wrote: > > Seems like it's not in linux-next as of today, so I am taking > > it now. Thanks, > > I still do not see this patch in torvalds branch... So what is > needed to include this security buffer overflow patch into > mainline & stable kernels? I picked it up 4 days ago into trivial.git, which is a tree that doesn't get pushed to Linus really super-often. Of course, if, in the meantime, this goes in through maintainer tree, even better.
diff --git a/drivers/staging/media/bcm2048/radio-bcm2048.c b/drivers/staging/media/bcm2048/radio-bcm2048.c index b2cd3a8..bbf236e 100644 --- a/drivers/staging/media/bcm2048/radio-bcm2048.c +++ b/drivers/staging/media/bcm2048/radio-bcm2048.c @@ -737,7 +737,7 @@ static int bcm2048_set_region(struct bcm2048_device *bdev, u8 region) int err; u32 new_frequency = 0; - if (region > ARRAY_SIZE(region_configs)) + if (region >= ARRAY_SIZE(region_configs)) return -EINVAL; mutex_lock(&bdev->mutex);