oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Integer overflow in bttv driver

From: Greg KH <greg () kroah com>
Date: Mon, 28 Aug 2017 11:49:32 +0200
On Mon, Aug 28, 2017 at 05:42:24PM +0800, 小雨 wrote:



hello ,

I found a potential security problem which code located in 
https://github.com/torvalds/linux/blob/master/drivers/media/pci/bt8xx/bttv-driver.c 
<https://github.com/torvalds/linux/blob/master/drivers/media/pci/bt8xx/bttv-driver.c>.

In setup_window_lock function,as follows:



It did not check the clipcount param,causing a overflow.


Really?  What kernel version are you looking at?  The latest kernel tree
shows this, from the repo you link to above:
  https://github.com/torvalds/linux/blob/master/drivers/media/pci/bt8xx/bttv-driver.c#L2098

what am I missing here?

Also, any specific reason you sent this to oss-security just a few
minutes after sending it to security () kernel org?  I don't really care
for something like this that is not really an issue, but if it was,
well, you sure didn't give anyone a chance to actually fix it :)

thanks,

greg k-h
Previous By Date Next
Previous By Thread Next

Current thread: