Dan Carpenter 82077215ed media: pvrusb2: Prevent a buffer overflow ... [ Upstream commit c1ced46c7b49ad7bc064e68d966e0ad303f917fb ] The ctrl_check_input() function is called from pvr2_ctrl_range_check(). It's supposed to validate user supplied input and return true or false depending on whether the input is valid or not. The problem is that negative shifts or shifts greater than 31 are undefined in C. In practice with GCC they result in shift wrapping so this function returns true for some inputs which are not valid and this could result in a buffer overflow: drivers/media/usb/pvrusb2/pvrusb2-ctrl.c:205 pvr2_ctrl_get_valname() warn: uncapped user index 'names[val]' The cptr->hdw->input_allowed_mask mask is configured in pvr2_hdw_create() and the highest valid bit is BIT(4). Fixes: 7fb20fa38c ("V4L/DVB (7299): pvrusb2: Improve logic which handles input choice availability") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>		2019-06-11 12:23:58 +02:00
..
accessibility
acpi	ACPI / SBS: Fix GPE storm on recent MacBookPro's	2019-04-27 09:33:58 +02:00
amba
android
ata	libata: fix using DMA buffers on stack	2019-05-16 19:44:59 +02:00
atm	atm: he: fix sign-extension overflow on large shift	2019-03-23 08:44:16 +01:00
auxdisplay
base	x86/speculation/mds: Add sysfs reporting for MDS	2019-05-16 19:45:14 +02:00
bcma
block	xsysace: Fix error handling in ace_setup	2019-05-16 19:45:02 +02:00
bluetooth	Revert "Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV"	2018-11-27 16:08:01 +01:00
bus
cdrom	cdrom: Fix race condition in cdrom_sysctl_register	2019-04-27 09:33:52 +02:00
char	ipmi:ssif: compare block number correctly for multi-part return messages	2019-06-11 12:23:39 +02:00
clk	clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider	2019-06-11 12:23:45 +02:00
clocksource	clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown	2019-03-23 08:44:35 +01:00
connector
cpufreq	cpufreq: pxa2xx: remove incorrect __init annotation	2019-03-23 08:44:36 +01:00
cpuidle	cpuidle: big.LITTLE: fix refcount leak	2019-02-20 10:13:09 +01:00
crypto	crypto: vmx - CTR: always increment IV as quadword	2019-06-11 12:23:51 +02:00
dca
devfreq	PM / devfreq: tegra: fix error return code in tegra_devfreq_probe()	2018-11-10 07:41:40 -08:00
dio
dma	dmaengine: at_xdmac: remove BUG_ON macro in tasklet	2019-06-11 12:23:57 +02:00
dma-buf
edac	EDAC, i7core: Fix memleaks and use-after-free on probe and remove	2018-10-10 08:52:06 +02:00
eisa
extcon	extcon: usb-gpio: Don't miss event during suspend/resume	2019-04-03 06:23:18 +02:00
firewire
firmware	efi: stub: define DISABLE_BRANCH_PROFILING for all architectures	2019-04-03 06:23:20 +02:00
fmc
fpga
gpio	gpio: gpio-omap: fix level interrupt idling	2019-04-27 09:33:48 +02:00
gpu	gpu: ipu-v3: dp: fix CSC handling	2019-05-16 19:45:07 +02:00
hid	HID: logitech-hidpp: use RAP instead of FAP to get the protocol version	2019-06-11 12:23:57 +02:00
hsi
hv	Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels	2019-01-13 10:05:27 +01:00
hwmon	hwmon: (lm80) Fix missing unlock on error in set_fan_div()	2019-02-23 09:05:13 +01:00
hwspinlock
hwtracing	intel_th: msu: Fix single mode with IOMMU	2019-06-11 12:23:44 +02:00
i2c	i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA	2019-04-27 09:33:47 +02:00
ide	ide: pmac: add of_node_put()	2018-12-21 14:09:52 +01:00
idle
iio	iio: adc: xilinx: fix potential use-after-free on remove	2019-05-16 19:45:05 +02:00
infiniband	IB/mlx4: Fix race condition between catas error reset and aliasguid flows	2019-04-27 09:33:56 +02:00
input	Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ	2019-05-16 19:45:03 +02:00
iommu	iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114	2019-06-11 12:23:46 +02:00
ipack
irqchip	irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable	2019-03-23 08:44:27 +01:00
isdn	mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S	2019-04-03 06:23:25 +02:00
leds	leds: lp55xx: fix null deref on firmware load failure	2019-04-27 09:33:51 +02:00
lguest
lightnvm
macintosh	macintosh/via-pmu: Add missing mmio accessors	2018-09-19 22:48:57 +02:00
mailbox
mcb
md	bcache: avoid clang -Wunintialized warning	2019-06-11 12:23:56 +02:00
media	media: pvrusb2: Prevent a buffer overflow	2019-06-11 12:23:58 +02:00
memory	memory: tegra: Fix integer overflow on tick value calculation	2019-06-11 12:23:46 +02:00
memstick	memstick: Prevent memstick host from getting runtime suspended during card detection	2019-02-20 10:13:09 +01:00
message
mfd	mfd: mc13xxx: Fix a missing check of a register-read failure	2019-03-23 08:44:16 +01:00
misc	misc: vexpress: Off by one in vexpress_syscfg_exec()	2019-02-20 10:13:18 +01:00
mmc	mmc: core: Verify SD bus width	2019-06-11 12:23:54 +02:00
mtd	mtd: rawnand: gpmi: fix MX28 bus master lockup problem	2019-02-20 10:13:17 +01:00
net	net: cw1200: fix a NULL pointer dereference	2019-06-11 12:23:55 +02:00
nfc	NFC: nxp-nci: Include unaligned.h instead of access_ok.h	2019-02-20 10:13:20 +01:00
ntb
nubus
nvdimm	libnvdimm/btt: Fix a kmemdup failure check	2019-05-16 19:45:05 +02:00
nvme
nvmem
of	of: add helper to lookup compatible child node	2018-12-01 09:46:35 +01:00
oprofile
parisc
parport	parport_pc: fix find_superio io compare code, should use equal test.	2019-03-23 08:44:37 +01:00
pci	PCI: Mark Atheros AR9462 to avoid bus reset	2019-06-11 12:23:48 +02:00
pcmcia	pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges	2018-11-21 09:27:30 +01:00
perf
phy
pinctrl	pinctrl: pistachio: fix leaked of_node references	2019-06-11 12:23:57 +02:00
platform	platform/x86: sony-laptop: Fix unintentional fall-through	2019-05-16 19:45:05 +02:00
pnp
power	power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG	2019-06-11 12:23:49 +02:00
powercap
pps
ps3
ptp	ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl	2019-02-20 10:13:05 +01:00
pwm	pwm: tiehrpwm: Fix disabling of output of PWMs	2018-09-09 20:04:35 +02:00
rapidio
ras
regulator	regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting	2019-04-27 09:33:53 +02:00
remoteproc
reset
rpmsg
rtc	rtc: 88pm860x: prevent use-after-free on device remove	2019-06-11 12:23:54 +02:00
s390	s390: ctcm: fix ctcm_new_device error return code	2019-05-16 19:45:06 +02:00
sbus	drivers/sbus/char: add of_node_put()	2018-12-21 14:09:52 +01:00
scsi	Revert "scsi: sd: Keep disk read-only when re-reading partition"	2019-06-11 12:23:51 +02:00
sfi
sh
sn
soc	soc/tegra: fuse: Fix illegal free of IO base address	2019-04-27 09:33:52 +02:00
spi	spi: pxa2xx: fix SCR (divisor) calculation	2019-06-11 12:23:54 +02:00
spmi
ssb	ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit	2019-06-11 12:23:53 +02:00
staging	staging: iio: adt7316: fix the dac write calculation	2019-05-16 19:45:02 +02:00
target	scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock	2019-03-23 08:44:35 +01:00
tc	TC: Set DMA masks for devices	2018-11-21 09:27:36 +01:00
thermal	thermal/int340x_thermal: fix mode setting	2019-04-27 09:33:57 +02:00
thunderbolt
tty	tty/vt: fix write/write race in ioctl(KDSKBSENT) handler	2019-06-11 12:23:37 +02:00
uio	uio: Fix an Oops on load	2018-11-27 16:08:02 +01:00
usb	USB: serial: fix unthrottle races	2019-05-16 19:45:16 +02:00
uwb	uwb: hwa-rc: fix memory leak at probe	2018-10-10 08:52:04 +02:00
vfio	vfio/pci: use correct format characters	2019-05-16 19:45:01 +02:00
vhost	vhost: make sure used idx is seen before log in vhost_add_used_n()	2019-01-13 10:05:28 +01:00
video	fbdev: fix WARNING in __alloc_pages_nodemask bug	2019-06-11 12:23:52 +02:00
virt	drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl	2019-05-16 19:45:18 +02:00
virtio
vlynq
vme
w1	w1: fix the resume command API	2019-06-11 12:23:55 +02:00
watchdog
xen	xen: xlate_mmu: add missing header to fix 'W=1' warning	2018-12-17 21:55:11 +01:00
zorro
Kconfig
Makefile