git.openpandora.org / pandora-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 94d4350) | patch
[media] go7007: MJPEG buffer overflow
authorPete Eberlein <pete@sensoray.com>
Thu, 23 Sep 2010 17:43:41 +0000 (14:43 -0300)
committerMauro Carvalho Chehab <mchehab@redhat.com>
Thu, 21 Oct 2010 03:17:03 +0000 (01:17 -0200)
commita716e9d75f04ff71fb5e391a7a189b6f1b032bbc
tree7268fc4aba94503801ab6f322cf9f52aff854aa4tree | snapshot
parent94d4350c544066d590eee93582220128e8be8b1ccommit | diff
[media] go7007: MJPEG buffer overflow

The go7007 driver has a potential buffer overflow and pointer corruption
bug which causes a crash while capturing MJPEG. The motion detection
(MODET) active_map array can be overflowed by JPEG frame data that
emulates a MODET start code. The active_map overflow overwrites the
active_buf pointer, causing a crash.

The JPEG data that emulated MODET start code was being removed from the
output, resulting in garbled JPEG frames. Therefore ignore MODET start
codes when MODET is not enabled.

Signed-off-by: Pete Eberlein <pete@sensoray.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
drivers/staging/go7007/go7007-driver.c diff | blob | history
Pandora Kernel Repository