shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-11 13:27:06 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
5.4.259-430
linux/drivers/media/usb
History
Zhang Shurong 991c77fe18 media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() 
[ Upstream commit 1047f93430 ]

In az6007_i2c_xfer, msg is controlled by user. When msg[i].buf
is null and msg[i].len is zero, former checks on msg[i].buf would be
passed. Malicious data finally reach az6007_i2c_xfer. If accessing
msg[i].buf[0] without sanity check, null ptr deref would happen.
We add check on msg[i].len to prevent crash.

Similar commit:
commit 0ed554fd76
("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")

Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-09-23 11:00:04 +02:00
..
airspy
as102
au0828
media: au0828: fix a NULL vs IS_ERR() check
2021-07-14 16:53:21 +02:00
b2c2
media: flexcop-usb: fix control-message timeouts
2022-01-27 09:19:27 +01:00
cpia2
media: cpia2: fix control-message timeouts
2022-01-27 09:19:27 +01:00
cx231xx
dvb-usb
media: af9005: Fix null-ptr-deref in af9005_i2c_xfer
2023-09-23 11:00:04 +02:00
dvb-usb-v2
media: az6007: Fix null-ptr-deref in az6007_i2c_xfer()
2023-09-23 11:00:04 +02:00
em28xx
media: Revert "media: em28xx: add missing em28xx_close_extension"
2022-04-15 14:18:25 +02:00
go7007
media: go7007: Remove redundant if statement
2023-09-23 10:59:51 +02:00
gspca
treewide: Remove uninitialized_var() usage
2023-06-09 10:29:01 +02:00
hackrf
hdpvr
media: hdpvr: fix error value returns in hdpvr_read
2022-08-25 11:17:40 +02:00
msi2500
media: msi2500: assign SPI bus number dynamically
2020-12-30 11:51:00 +01:00
pulse8-cec
pvrusb2
media: pvrusb2: fix memory leak in pvr_probe
2022-09-05 10:27:45 +02:00
pwc
media: pwc: Use correct device for DMA
2021-02-23 15:02:26 +01:00
rainshadow-cec
s2255
media: s2255: fix control-message timeouts
2022-01-27 09:19:27 +01:00
siano
drivers: usb: smsusb: fix error handling code in smsusb_init_device
2023-09-23 10:59:49 +02:00
stk1160
media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED
2022-04-15 14:18:09 +02:00
stkwebcam
media: stkwebcam: fix memory leak in stk_camera_probe
2021-09-12 08:56:40 +02:00
tm6000
media: tm6000: Avoid card name truncation
2021-11-17 09:48:35 +01:00
ttusb-budget
ttusb-dec
media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
2023-06-09 10:28:57 +02:00
usbtv
media: usbtv: Fix deadlock on suspend
2021-03-17 17:03:39 +01:00
usbvision
uvc
treewide: Remove uninitialized_var() usage
2023-06-09 10:29:01 +02:00
zr364xx
media: drivers/media/usb: fix memory leak in zr364xx_probe
2021-08-26 08:36:12 -04:00
Kconfig
Makefile