All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] Staging: dream, fix buf overflow
@ 2009-08-08  9:33 Jiri Slaby
  2009-08-08  9:52 ` Pavel Machek
  0 siblings, 1 reply; 2+ messages in thread
From: Jiri Slaby @ 2009-08-08  9:33 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: pavel, swetland, ibm, san, linux-kernel, Jiri Slaby

Not even compile-tested. I don't have an arm toolchain.
--

In vfe_send_msg_no_payload there is a wrong struct vfe_message allocation.
It allocates only sizeof(pointer to vfe_message) for a whole structure.
Add a dereference to the sizeof to allocate sizeof(vfe_message).

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
---
 drivers/staging/dream/camera/msm_vfe8x_proc.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/drivers/staging/dream/camera/msm_vfe8x_proc.c b/drivers/staging/dream/camera/msm_vfe8x_proc.c
index bb65013..5436f71 100644
--- a/drivers/staging/dream/camera/msm_vfe8x_proc.c
+++ b/drivers/staging/dream/camera/msm_vfe8x_proc.c
@@ -818,7 +818,7 @@ static void vfe_send_msg_no_payload(enum VFE_MESSAGE_ID id)
 {
 	struct vfe_message *msg;
 
-	msg = kzalloc(sizeof(msg), GFP_ATOMIC);
+	msg = kzalloc(sizeof(*msg), GFP_ATOMIC);
 	if (!msg)
 		return;
 
-- 
1.6.3.3


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] Staging: dream, fix buf overflow
  2009-08-08  9:33 [PATCH] Staging: dream, fix buf overflow Jiri Slaby
@ 2009-08-08  9:52 ` Pavel Machek
  0 siblings, 0 replies; 2+ messages in thread
From: Pavel Machek @ 2009-08-08  9:52 UTC (permalink / raw)
  To: Jiri Slaby; +Cc: Greg Kroah-Hartman, swetland, ibm, san, linux-kernel

On Sat 2009-08-08 11:33:58, Jiri Slaby wrote:
> Not even compile-tested. I don't have an arm toolchain.
> --
> 
> In vfe_send_msg_no_payload there is a wrong struct vfe_message allocation.
> It allocates only sizeof(pointer to vfe_message) for a whole structure.
> Add a dereference to the sizeof to allocate sizeof(vfe_message).
> 
> Signed-off-by: Jiri Slaby <jirislaby@gmail.com>

Acked-by: Pavel Machek <pavel@ucw.cz>

(Google, you may want to fix this in your code, too.)

> ---
>  drivers/staging/dream/camera/msm_vfe8x_proc.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/drivers/staging/dream/camera/msm_vfe8x_proc.c b/drivers/staging/dream/camera/msm_vfe8x_proc.c
> index bb65013..5436f71 100644
> --- a/drivers/staging/dream/camera/msm_vfe8x_proc.c
> +++ b/drivers/staging/dream/camera/msm_vfe8x_proc.c
> @@ -818,7 +818,7 @@ static void vfe_send_msg_no_payload(enum VFE_MESSAGE_ID id)
>  {
>  	struct vfe_message *msg;
>  
> -	msg = kzalloc(sizeof(msg), GFP_ATOMIC);
> +	msg = kzalloc(sizeof(*msg), GFP_ATOMIC);
>  	if (!msg)
>  		return;
>  

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2009-08-08  9:52 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-08-08  9:33 [PATCH] Staging: dream, fix buf overflow Jiri Slaby
2009-08-08  9:52 ` Pavel Machek

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.