linux/drivers/media
Rajeshwar R Shinde 09cd8b561a media: gspca: cpia1: shift-out-of-bounds in set_flicker
[ Upstream commit 099be1822d ]

Syzkaller reported the following issue:
UBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27
shift exponent 245 is too large for 32-bit type 'int'

When the value of the variable "sd->params.exposure.gain" exceeds the
number of bits in an integer, a shift-out-of-bounds error is reported. It
is triggered because the variable "currentexp" cannot be left-shifted by
more than the number of bits in an integer. In order to avoid invalid
range during left-shift, the conditional expression is added.

Reported-by: syzbot+e27f3dbdab04e43b9f73@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/20230818164522.12806-1-coolrrsh@gmail.com
Link: https://syzkaller.appspot.com/bug?extid=e27f3dbdab04e43b9f73
Signed-off-by: Rajeshwar R Shinde <coolrrsh@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-11-28 16:56:20 +00:00
| Name | Last commit | Date |
|---|---|---|
| cec | media: pulse8-cec: handle possible ping error | 2023-09-19 12:22:26 +02:00 |
| common | media: vb2: frame_vector.c: replace WARN_ONCE with a comment | 2023-10-06 13:18:18 +02:00 |
| dvb-core | media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 | 2023-06-09 10:32:24 +02:00 |
| dvb-frontends | media: dvb: symbol fixup for dvb_attach() | 2023-09-19 12:22:51 +02:00 |
| firewire | media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() | 2021-11-06 14:13:30 +01:00 |
| i2c | media: i2c: max9286: Fix some redundant of_node_put() calls | 2023-11-20 11:08:27 +01:00 |
| mc | media: mc-device.c: use DEVICE_ATTR_RO() helper macro | 2021-08-04 14:43:50 +02:00 |
| mmc | | |
| pci | media: bttv: fix use after free error due to btv->timeout timer | 2023-11-20 11:08:27 +01:00 |
| platform | media: s3c-camif: Avoid inappropriate kfree() | 2023-11-20 11:08:27 +01:00 |
| radio | media: radio-shark: Add endpoint checks | 2023-05-30 13:55:31 +01:00 |
| rc | media: rc: gpio-ir-recv: Fix support for wake-up | 2023-05-11 23:00:24 +09:00 |
| spi | media: cxd2880-spi: Fix a null pointer dereference on error handling path | 2021-11-18 19:16:27 +01:00 |
| test-drivers | media: vidtv: mux: Add check and kfree for kstrdup | 2023-11-20 11:08:27 +01:00 |
| tuners | media: tuners: qt1010: replace BUG_ON with a regular error | 2023-09-23 11:09:58 +02:00 |
| usb | media: gspca: cpia1: shift-out-of-bounds in set_flicker | 2023-11-28 16:56:20 +00:00 |
| v4l2-core | media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() | 2023-09-19 12:22:43 +02:00 |
| Kconfig | media: correct MEDIA_TEST_SUPPORT help text | 2022-01-27 11:05:20 +01:00 |
| Makefile | | |