korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2025-01-13 01:04:35 +08:00
Code Issues Packages Projects Releases Wiki Activity
3b1cc9b962
linux/drivers/misc
History
Sudeep Dutt 3b1cc9b962 misc: mic: fix possible signed underflow (undefined behavior) in userspace API 
iovcnt is declared as a signed integer in both the userspace API and
as a local variable in mic_virtio.c. The while() loop in mic_virtio.c
iterates until the local variable iovcnt reaches the value 0. If
userspace passes e.g. INT_MIN as iovcnt field, this loop then appears
to depend on an undefined behavior (signed underflow) to complete.
The fix is to use unsigned integers in both the userspace API and
the local variable.

This issue was reported @ https://lkml.org/lkml/2014/1/10/10

Reported-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Reviewed-by: Ashutosh Dixit <ashutosh.dixit@intel.com>
Signed-off-by: Sudeep Dutt <sudeep.dutt@intel.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-02-07 15:30:34 -08:00
..
altera-stapl
c2port c2port: convert class code to use bin_attrs in groups 2013-07-24 15:39:05 -07:00
carma Merge branch 'next' of git://git.infradead.org/users/vkoul/slave-dma 2013-11-20 13:20:24 -08:00
cb710 mmc: cb710: drop free_irq for devm_request_irq allocated irq 2013-09-26 13:55:30 -07:00
eeprom misc: eeprom: sunxi: Add new compatibles 2014-02-07 15:30:34 -08:00
genwqe misc: genwqe: Fix potential memory leak when pinning memory 2014-02-07 15:24:31 -08:00
ibmasm misc: ibmasm: remove unnecessary pci_set_drvdata() 2013-09-26 09:13:54 -07:00
lis3lv02d misc: replace strict_strtoul() with kstrtoul() 2013-06-06 12:54:08 -07:00
mei mei: don't unset read cb ptr on reset 2014-02-07 08:16:14 -08:00
mic misc: mic: fix possible signed underflow (undefined behavior) in userspace API 2014-02-07 15:30:34 -08:00
sgi-gru drivers/misc/sgi-gru/grufault.c: fix a sanity test in gru_set_context_option() 2013-07-03 16:07:42 -07:00
sgi-xp sgi-xp: open-code interruptible_sleep_on_timeout 2014-01-08 15:18:02 -08:00
ti-st drivers/misc/ti-st: Prefer tty_driver_flush_buffer 2013-12-04 20:23:51 -08:00
vmw_vmci VMCI: fix error handling path when registering guest driver 2014-01-09 16:16:15 -08:00
ad525x_dpot-i2c.c misc: remove use of __devexit 2012-11-21 12:53:32 -08:00
ad525x_dpot-spi.c misc: remove use of __devexit 2012-11-21 12:53:32 -08:00
ad525x_dpot.c drivers: misc: Mark functions as static in ad525x_dpot.c 2013-12-18 16:41:52 -08:00
ad525x_dpot.h Merge branch 'char-misc-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc 2012-01-09 12:08:59 -08:00
apds990x.c misc: replace strict_strtoul() with kstrtoul() 2013-06-06 12:54:08 -07:00
apds9802als.c misc: replace strict_strtoul() with kstrtoul() 2013-06-06 12:54:08 -07:00
arm-charlcd.c misc: arm-charlcd: remove deprecated IRQF_DISABLED 2013-10-16 12:36:10 -07:00
atmel_pwm.c misc: atmel_pwm: add deferred-probing support 2013-10-29 16:22:57 -07:00
atmel_tclib.c ARM: at91/tc/clocksource: Add 32 bit variant to Timer Counter 2012-03-01 13:38:49 +01:00
atmel-ssc.c Merge 3.11-rc3 into char-misc-next. 2013-07-29 11:50:17 -07:00
bh1770glc.c misc: replace strict_strtoul() with kstrtoul() 2013-06-06 12:54:08 -07:00
bh1780gli.c misc: bh1780: probe from compatible string 2013-10-03 16:02:35 -07:00
bmp085-i2c.c misc: bmp085: Clean up and enable use of interrupt for completion. 2013-12-04 20:23:51 -08:00
bmp085-spi.c misc: bmp085: Clean up and enable use of interrupt for completion. 2013-12-04 20:23:51 -08:00
bmp085.c misc: bmp085: Clean up and enable use of interrupt for completion. 2013-12-04 20:23:51 -08:00
bmp085.h misc: bmp085: Clean up and enable use of interrupt for completion. 2013-12-04 20:23:51 -08:00
cs5535-mfgpt.c cs5535-mfgpt: Fix quotation marks 2013-04-03 11:23:13 -07:00
ds1682.c MISC: convert drivers/misc/* to use module_i2c_driver() 2012-01-24 16:31:49 -08:00
dummy-irq.c treewide: Fix typo in printk 2013-05-28 12:02:13 +02:00
enclosure.c [SCSI] enclosure: fix WARN_ON in dual path device removing 2013-12-02 11:13:14 -08:00
fsa9480.c treewide: fix comments and printk msgs 2014-01-07 15:06:07 +01:00
hmc6352.c misc: replace strict_strtoul() with kstrtoul() 2013-06-06 12:54:08 -07:00
hpilo.c drivers/misc/hpilo: Correct panic when an AUX iLO is detected 2013-08-14 14:46:22 -07:00
hpilo.h misc: hpilo: increase number of max supported channels 2012-06-14 17:22:12 -07:00
ics932s401.c hwmon: Change my email address. 2013-08-27 08:28:01 -07:00
ioc4.c misc: remove use of __devexit 2012-11-21 12:53:32 -08:00
isl29003.c misc: replace strict_strtoul() with kstrtoul() 2013-06-06 12:54:08 -07:00
isl29020.c misc: replace strict_strtoul() with kstrtoul() 2013-06-06 12:54:08 -07:00
Kconfig GenWQE Enable driver 2013-12-18 16:51:15 -08:00
kgdbts.c kgdb/kgdbts: support ppc64 2013-03-02 08:52:17 -06:00
lattice-ecp3-config.c treewide: Fix typo in printk 2013-05-28 12:02:13 +02:00
lkdtm.c drivers: misc: Mark function jp_generic_ide_ioctl() as static in lkdtm.c 2013-12-18 16:41:52 -08:00
Makefile GenWQE Enable driver 2013-12-18 16:51:15 -08:00
pch_phub.c pch_phub: fix error return code in pch_phub_probe() 2013-06-06 12:54:08 -07:00
phantom.c misc: phantom: remove deprecated IRQF_DISABLED 2013-10-16 12:36:10 -07:00
pti.c misc: pti: remove unnecessary pci_set_drvdata() 2013-09-26 09:13:54 -07:00
spear13xx_pcie_gadget.c misc: replace strict_strtoul() with kstrtoul() 2013-06-06 12:54:08 -07:00
sram.c misc: sram: fix error path in sram_probe 2013-07-24 22:54:50 -07:00
ti_dac7512.c drivers: misc: ti_dac7512: add support for DT matching 2013-09-26 09:04:06 -07:00
tifm_7xx1.c tifm: fix error return code in tifm_7xx1_probe() 2013-10-30 10:19:30 -07:00
tifm_core.c tifm: convert bus code to use dev_groups 2013-10-16 18:40:58 -07:00
tsl2550.c Drivers: Misc: tsl2250: fix warnings, unsigned long will never < 0 2013-05-16 18:11:12 -07:00
vmw_balloon.c misc: vmw_balloon: Remove braces to fix build for clang. 2013-08-27 21:51:21 -07:00