From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934224Ab3AOW4i (ORCPT ); Tue, 15 Jan 2013 17:56:38 -0500 Received: from mail.kernel.org ([198.145.19.201]:48107 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S934194Ab3AOW4b (ORCPT ); Tue, 15 Jan 2013 17:56:31 -0500 From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , alan@lxorguk.ukuu.org.uk, Malcolm Priestley Subject: [ 26/71] staging: vt6656: [BUG] out of bound array reference in RFbSetPower. Date: Tue, 15 Jan 2013 14:54:23 -0800 Message-Id: <20130115225342.314489181@linuxfoundation.org> X-Mailer: git-send-email 1.8.1.336.g94702dd In-Reply-To: <20130115225340.367496998@linuxfoundation.org> References: <20130115225340.367496998@linuxfoundation.org> User-Agent: quilt/0.60-1 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.0-stable review patch. If anyone has any objections, please let me know. ------------------ From: Malcolm Priestley commit ab1dd9963137a1e122004d5378a581bf16ae9bc8 upstream. Calling RFbSetPower with uCH zero value will cause out of bound array reference. This causes 64 bit kernels to oops on boot. Note: Driver does not function on 64 bit kernels and should be blacklisted on them. Signed-off-by: Malcolm Priestley Signed-off-by: Greg Kroah-Hartman --- drivers/staging/vt6656/rf.c | 3 +++ 1 file changed, 3 insertions(+) --- a/drivers/staging/vt6656/rf.c +++ b/drivers/staging/vt6656/rf.c @@ -769,6 +769,9 @@ BYTE byPwr = pDevice->byCCKPwr; return TRUE; } + if (uCH == 0) + return -EINVAL; + switch (uRATE) { case RATE_1M: case RATE_2M: