[PATCH] fix for potential integer overflow in zoran driver

From: "Ronald S. Bultje" <R.S.Bultje@students.uu.nl> Attached patch fixes a potential integer overflow in zoran_procs.c (part of the zr36067 driver). Bug was detected by Ken Ashcraft with the Stanford checker.

[PATCH] fix for potential integer overflow in zoran driver
From: "Ronald S. Bultje" <R.S.Bultje@students.uu.nl> Attached patch fixes a potential integer overflow in zoran_procs.c (part of the zr36067 driver). Bug was detected by Ken Ashcraft with the Stanford checker.
8afc52a5 · Andrew Morton · Linus Torvalds · de2350c5 · 8afc52a5
Commit 8afc52a5 authored Apr 12, 2004 by Andrew Morton Committed by Linus Torvalds Apr 12, 2004
Show whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

drivers/media/video/zoran_procfs.c drivers/media/video/zoran_procfs.c +4 -0

No files found.
--- a/drivers/media/video/zoran_procfs.c
+++ b/drivers/media/video/zoran_procfs.c
@@ -204,6 +204,10 @@ zoran_write_proc (struct file   *file,
 	char *line, *ldelim, *varname, *svar, *tdelim;
 	struct zoran *zr;

+	/* Random maximum */
+	if (count > 256)
+		return -EINVAL;
+
 	zr = (struct zoran *) data;

 	string = sp = vmalloc(count + 1);