[PATCH upstream for stable 1/8] staging: vt6656: [BUG] out of bound array reference in RFbSetPower.
Malcolm Priestley
tvboxspy at gmail.com
Thu Dec 27 12:59:15 UTC 2012
upstream commit
ab1dd9963137a1e122004d5378a581bf16ae9bc8
Tested on kernels 2.6.35, 3.0, 3.2, 3.5 & 3.7
This upstream commit and the ones in patch 2 & 3 are critical for boot
dead lock on 64 bit systems, the remaining commits bring the driver up.
staging: vt6656: [BUG] out of bound array reference in RFbSetPower.
Calling RFbSetPower with uCH zero value will cause out of bound array reference.
This causes 64 bit kernels to oops on boot.
Note: Driver does not function on 64 bit kernels and should be
blacklisted on them.
Cc: stable at kernel.org # 2.6.35+
Signed-off-by: Malcolm Priestley <tvboxspy at gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
diff --git a/drivers/staging/vt6656/rf.c b/drivers/staging/vt6656/rf.c
index 593cdc7..74c0598 100644
--- a/drivers/staging/vt6656/rf.c
+++ b/drivers/staging/vt6656/rf.c
@@ -769,6 +769,9 @@ BYTE byPwr = pDevice->byCCKPwr;
return TRUE;
}
+ if (uCH == 0)
+ return -EINVAL;
+
switch (uRATE) {
case RATE_1M:
case RATE_2M:
More information about the kernel-team
mailing list