author: Zhang Shurong <zhang_shurong@foxmail.com>, 2023-07-10 13:32:13 +0800
committer: Hans Verkuil <hverkuil-cisco@xs4all.nl>, 2023-07-19 12:57:50 +0200
commit: b97719a66970601cd3151a3e2020f4454a1c4ff6
tree: 6e9a8ca64b280d1bc81997f344301afdbdfb77cf /include/kvm
parent: f7e0f1f52424bfdfa8efd6eb6496d5d6244ee3bb
media: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861_i2c_master_xfer
In gl861_i2c_master_xfer, msg is controlled by user. When msg[i].buf
is null and msg[i].len is zero, former checks on msg[i].buf would be
passed. Malicious data finally reach gl861_i2c_master_xfer. If accessing
msg[i].buf[0] without sanity check, null ptr deref would happen.
We add check on msg[i].len to prevent crash.

Similar commit:
commit 0ed554fd769a
("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")

Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Diffstat (limited to 'include/kvm')
0 files changed, 0 insertions, 0 deletions
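
The length check described in the commit message, as an added user-space example (not the gl861 driver's code and not part of this commit): every message is validated for a non-NULL `buf` and `len >= 1` before any `buf[0]` access. `struct xfer_msg`, `MSG_RD`, `regs`, `sel` and `model_xfer` are hypothetical names, and the returned error codes are an assumption.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define MSG_RD 0x0001            /* constructed flag: message is a read */

/* Hypothetical user-space stand-in for the kernel's struct i2c_msg. */
struct xfer_msg {
    uint16_t addr;
    uint16_t flags;
    uint16_t len;
    uint8_t *buf;
};

static uint8_t regs[256];        /* constructed register file of a fake device */
static uint8_t sel;              /* register index chosen by the last write */

/* A message is usable only if its first byte exists: buf set AND len >= 1. */
static int msg_has_first_byte(const struct xfer_msg *m)
{
    return m->buf != NULL && m->len >= 1;
}

/* Returns the number of messages handled, or a negative errno. */
int model_xfer(const struct xfer_msg *msg, int num)
{
    if (msg == NULL || num <= 0)
        return -EINVAL;

    /* Validate the whole batch first, so a bad message later in the array
     * cannot leave the device model half-updated. */
    for (int i = 0; i < num; i++)
        if (!msg_has_first_byte(&msg[i]))
            return -EOPNOTSUPP;  /* zero-length or NULL buf: never dereferenced */

    for (int i = 0; i < num; i++) {
        if (msg[i].flags & MSG_RD) {
            for (uint16_t j = 0; j < msg[i].len; j++)
                msg[i].buf[j] = regs[(uint8_t)(sel + j)];
        } else {
            sel = msg[i].buf[0]; /* safe: len >= 1 was checked above */
            for (uint16_t j = 1; j < msg[i].len; j++)
                regs[(uint8_t)(sel + j - 1)] = msg[i].buf[j];
        }
    }
    return num;
}
```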