Patchwork [upstream,for,stable,1/8] staging: vt6656: [BUG] out of bound array reference in RFbSetPower.

login
register
mail settings
Submitter Malcolm Priestley
Date Dec. 27, 2012, 12:59 p.m.
Message ID <1356613155.3447.37.camel@canaries64>
Download mbox | patch
Permalink /patch/209018/
State New
Headers show

Comments

Malcolm Priestley - Dec. 27, 2012, 12:59 p.m.
upstream commit 
ab1dd9963137a1e122004d5378a581bf16ae9bc8

Tested on kernels 2.6.35, 3.0, 3.2, 3.5 & 3.7

This upstream commit and the ones in patch 2 & 3 are critical for boot
dead lock on 64 bit systems, the remaining commits bring the driver up.

staging: vt6656: [BUG] out of bound array reference in RFbSetPower.
    
Calling RFbSetPower with uCH zero value will cause out of bound array reference.
    
This causes 64 bit kernels to oops on boot.
    
Note: Driver does not function on 64 bit kernels and should be
blacklisted on them.

Cc: stable@kernel.org  # 2.6.35+    
Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Patch

diff --git a/drivers/staging/vt6656/rf.c b/drivers/staging/vt6656/rf.c
index 593cdc7..74c0598 100644
--- a/drivers/staging/vt6656/rf.c
+++ b/drivers/staging/vt6656/rf.c
@@ -769,6 +769,9 @@  BYTE    byPwr = pDevice->byCCKPwr;
         return TRUE;
     }
 
+	if (uCH == 0)
+		return -EINVAL;
+
     switch (uRATE) {
     case RATE_1M:
     case RATE_2M: