git.ipfire.org Git - people/arne

author	Johan Hovold <johan@kernel.org>
	Fri, 3 Jan 2020 16:35:10 +0000 (17:35 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 1 Apr 2020 09:00:26 +0000 (11:00 +0200)
commit	7d565c3bbc5c1255a79d63641ac5fbbfb819216d
tree	c1008ae0219c39d6912f02c818b1f993bc59e015	tree \| snapshot
parent	d80709aa9de4ee1593ef4cc27410d38c3895c64e	commit \| diff

media: stv06xx: add missing descriptor sanity checks

commit 485b06aadb933190f4bc44e006076bc27a23f205 upstream.

Make sure to check that we have two alternate settings and at least one
endpoint before accessing the second altsetting structure and
dereferencing the endpoint arrays.

This specifically avoids dereferencing NULL-pointers or corrupting
memory when a device does not have the expected descriptors.

Note that the sanity checks in stv06xx_start() and pb0100_start() are
not redundant as the driver is mixing looking up altsettings by index
and by number, which may not coincide.

Fixes: 8668d504d72c ("V4L/DVB (12082): gspca_stv06xx: Add support for st6422 bridge and sensor")
Fixes: c0b33bdc5b8d ("[media] gspca-stv06xx: support bandwidth changing")
Cc: stable <stable@vger.kernel.org> # 2.6.31
Cc: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/media/usb/gspca/stv06xx/stv06xx.c		diff \| blob \| blame \| history
drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c		diff \| blob \| blame \| history