On Mon, Sep 08, 2014 at 02:40:33PM +0200, Stefan Richter wrote:
> On Sep 08 Stefan Richter wrote:
> > On Sep 08 Dan Carpenter wrote:
> > > "program_info_length" is user controlled and can go up to 4095. The
> > > operand[] array has 509 bytes so we need to add a limit here to prevent
> > > buffer
On Sep 08 Stefan Richter wrote:
> On Sep 08 Dan Carpenter wrote:
> > "program_info_length" is user controlled and can go up to 4095. The
> > operand[] array has 509 bytes so we need to add a limit here to prevent
> > buffer overflows.
> >
> > Signed-off-by: Dan Carpenter
>
> Reviewed-by: Stefan
On Sep 08 Dan Carpenter wrote:
> "program_info_length" is user controlled and can go up to 4095. The
> operand[] array has 509 bytes so we need to add a limit here to prevent
> buffer overflows.
>
> Signed-off-by: Dan Carpenter
Reviewed-by: Stefan Richter
Thank you.
>
> diff --git a/drivers
"program_info_length" is user controlled and can go up to 4095. The
operand[] array has 509 bytes so we need to add a limit here to prevent
buffer overflows.
Signed-off-by: Dan Carpenter
diff --git a/drivers/media/firewire/firedtv-avc.c
b/drivers/media/firewire/firedtv-avc.c
index d1a1a13..ac1
