From: Greg KH <greg@kroah.com>
To: Mauro Carvalho Chehab <mchehab@infradead.org>
Cc: Hans Verkuil <hverkuil@xs4all.nl>,
Dan Carpenter <dan.carpenter@oracle.com>,
linux-media@vger.kernel.org, kernel-janitors@vger.kernel.org,
stable@vger.kernel.org
Subject: Re: [patch -longterm] V4L/DVB: v4l2-ioctl: integer overflow in
Date: Tue, 03 Jan 2012 20:55:39 +0000
Message-ID: <20120103205539.GC17131@kroah.com>
In-Reply-To: <4EE9C2E6.1060304@infradead.org>

On Thu, Dec 15, 2011 at 07:50:30AM -0200, Mauro Carvalho Chehab wrote:
> On 15-12-2011 07:33, Hans Verkuil wrote:
> > On Thursday, December 15, 2011 10:21:41 Mauro Carvalho Chehab wrote:
> >> On 15-12-2011 04:34, Dan Carpenter wrote:
> >>> On a 32bit system the multiplication here could overflow. p->count is
> >>> used in some of the V4L drivers.
> >>
> >> ULONG_MAX / sizeof(v4l2_ext_control) is too much. This ioctl is used on things
> >> like setting MPEG parameters, where several parameters need adjustments at
> >> the same time. I risk to say that 64 is probably a reasonably safe upper limit.
> >
> > Let's make it 1024. That gives more than enough room for expansion without taking
> > too much memory.
> >
> > Especially for video encoders a lot of controls are needed, and sensor drivers
> > are also getting more complex, so 64 is a bit too low for my taste.
> >
> > I agree that limiting this to some sensible value is a good idea.
>
> I'm fine with 1024. Yet, this could easily be changed to whatever upper value needed,
> and still be backward compatible.

Ok, can someone please send me the "accepted" version of this patch for
inclusion in the 2.6.32-stable tree?

thanks,

greg k-h
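
The overflow and the cap discussed in the quoted thread, as an added example that is not part of the original message or of the kernel patch. It models 32-bit size arithmetic with `uint32_t`; `CTRL_SIZE`, `MAX_CTRL_COUNT` and the function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed for illustration: element size of the control array on a
 * 32-bit build, and the 1024 upper limit agreed in the thread. */
#define CTRL_SIZE      20u
#define MAX_CTRL_COUNT 1024u

/* Size computation with a 32-bit size type and no bound on count:
 * the product is reduced modulo 2^32. */
static uint32_t alloc_size_unchecked(uint32_t count)
{
    return count * CTRL_SIZE;
}

/* True when the 32-bit result is not the real number of bytes needed. */
static bool size_wrapped(uint32_t count)
{
    return (uint64_t)count * CTRL_SIZE != alloc_size_unchecked(count);
}

/* Bounded form: reject counts above the cap before multiplying.
 * Returns false (and leaves *out untouched) when the count is refused. */
static bool alloc_size_bounded(uint32_t count, uint32_t *out)
{
    if (count > MAX_CTRL_COUNT)
        return false;
    *out = count * CTRL_SIZE; /* at most 1024 * 20 bytes, cannot wrap */
    return true;
}

int main(void)
{
    /* Constructed sample counts: one ordinary, one at the cap, one that wraps. */
    const uint32_t samples[] = { 8u, 1024u, 0x0CCCCCCDu };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t sz = 0;
        bool ok = alloc_size_bounded(samples[i], &sz);
        printf("count=%u unchecked=%u wrapped=%d bounded=%s\n",
               (unsigned)samples[i],
               (unsigned)alloc_size_unchecked(samples[i]),
               (int)size_wrapped(samples[i]),
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```

With the cap in place the multiplication can never reach the wrapping range, which is why any limit well below `ULONG_MAX / sizeof(...)` closes the hole regardless of whether 64 or 1024 is chosen.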
Thread overview: 20+ messages
2011-12-15 6:34 [patch -longterm] V4L/DVB: v4l2-ioctl: integer overflow in Dan Carpenter
2011-12-15 6:34 ` [patch -longterm] V4L/DVB: v4l2-ioctl: integer overflow in video_usercopy() Dan Carpenter
2011-12-15 9:21 ` Mauro Carvalho Chehab
2011-12-15 9:21 ` Mauro Carvalho Chehab
2011-12-15 9:33 ` Hans Verkuil
2011-12-15 9:33 ` Hans Verkuil
2011-12-15 9:50 ` Mauro Carvalho Chehab
2011-12-15 9:50 ` Mauro Carvalho Chehab
2012-01-03 20:55 ` Greg KH [this message]
2012-01-03 20:55 ` Greg KH
2012-01-04 13:35 ` [patch -longterm] V4L/DVB: v4l2-ioctl: integer overflow in Dan Carpenter
2012-01-04 13:35 ` [patch -longterm] V4L/DVB: v4l2-ioctl: integer overflow in video_usercopy() Dan Carpenter
2012-01-05 6:27 ` [patch -next] V4L/DVB: v4l2-ioctl: integer overflow in Dan Carpenter
2012-01-05 6:27 ` [patch -next] V4L/DVB: v4l2-ioctl: integer overflow in video_usercopy() Dan Carpenter
2012-01-05 6:28 ` [patch -longterm v2] V4L/DVB: v4l2-ioctl: integer overflow in Dan Carpenter
2012-01-05 6:28 ` [patch -longterm v2] V4L/DVB: v4l2-ioctl: integer overflow in video_usercopy() Dan Carpenter
2012-01-05 16:43 ` [patch -longterm v2] V4L/DVB: v4l2-ioctl: integer overflow in Greg KH
2012-01-05 16:43 ` [patch -longterm v2] V4L/DVB: v4l2-ioctl: integer overflow in video_usercopy() Greg KH
2012-01-05 17:56 ` [patch -longterm v2] V4L/DVB: v4l2-ioctl: integer overflow in Dan Carpenter
2012-01-05 17:56 ` [patch -longterm v2] V4L/DVB: v4l2-ioctl: integer overflow in video_usercopy() Dan Carpenter