From: Pete Eberlein
Date: Thu, 23 Sep 2010 17:43:41 +0000 (-0300)
Subject: [media] go7007: MJPEG buffer overflow
X-Git-Tag: v2.6.37-rc1~64^2~304
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a716e9d75f04ff71fb5e391a7a189b6f1b032bbc;p=pandora-kernel.git

[media] go7007: MJPEG buffer overflow

The go7007 driver has a potential buffer overflow and pointer corruption bug which causes a crash while capturing MJPEG. The motion detection (MODET) active_map array can be overflowed by JPEG frame data that emulates a MODET start code. The active_map overflow overwrites the active_buf pointer, causing a crash.

The JPEG data that emulated MODET start code was being removed from the output, resulting in garbled JPEG frames. Therefore ignore MODET start codes when MODET is not enabled.

Signed-off-by: Pete Eberlein
Signed-off-by: Mauro Carvalho Chehab
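
A simplified model of the fix described in the commit message, added here as an example; it is not the go7007 driver's code. The names parse_frame, MAP_LEN and MODET_CODE, the 00 00 01 F8 marker bytes and the fixed-size map layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAP_LEN    4      /* constructed map size, not the driver's */
#define MODET_CODE 0xF8   /* constructed marker byte following 00 00 01 */

/* Constructed frame: image data that happens to contain the marker sequence. */
static const uint8_t sample[] = { 0xFF, 0xD8, 0x11, 0x00, 0x00, 0x01, 0xF8,
                                  0xA0, 0xA1, 0xA2, 0xA3, 0xFF, 0xD9 };

struct parser {
    int     modet_enable;          /* motion detection switched on? */
    uint8_t active_map[MAP_LEN];
    size_t  map_fill;              /* map bytes stored for this frame */
    uint8_t out[64];
    size_t  out_len;
};

/* Copy frame bytes to out[]; divert a MODET map only when MODET is enabled. */
size_t parse_frame(struct parser *p, const uint8_t *buf, size_t len)
{
    size_t i = 0;
    p->out_len = p->map_fill = 0;
    while (i < len) {
        int is_code = len - i >= 4 && buf[i] == 0 && buf[i + 1] == 0 &&
                      buf[i + 2] == 1 && buf[i + 3] == MODET_CODE;
        if (is_code && p->modet_enable) {
            i += 4;
            /* Bounded copy: at most MAP_LEN bytes and never past the input. */
            size_t n = len - i < MAP_LEN ? len - i : MAP_LEN;
            memcpy(p->active_map, buf + i, n);
            p->map_fill = n;
            i += n;
        } else {
            /* Ordinary data, including an emulated marker when MODET is off. */
            if (p->out_len < sizeof(p->out))
                p->out[p->out_len++] = buf[i];
            i++;
        }
    }
    return p->out_len;
}

int main(void)
{
    struct parser p = { 0 };
    size_t n = parse_frame(&p, sample, sizeof(sample));
    printf("MODET off: %zu of %zu bytes kept\n", n, sizeof(sample));
    return 0;
}
```

With MODET disabled the emulated marker stays in the output and the frame is byte-identical; with MODET enabled the map write is limited to the size of active_map, so a neighbouring field cannot be overwritten.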