[PATCH] drivers/media/video/zr36120.c

Philip Wang (PXWang@stanford.edu)
Mon, 21 May 2001 16:34:37 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Ben Pfaff: "[patch] Bug-fix for Maestro dock/hardware volume control patch"
Previous message: Jonathan Morton: "Re: Background to the argument about CML2 design philosophy"

Hello!

I'm Philip, from Professor Dawson Engler's Meta-Compilation Group at
Stanford University.

There is a bug in zr36120.c of not freeing memory on error paths. This one
is particularly dangerous, because kmalloc allocates a memory block the
size of a memory clip! I simply free the local pointer, vcp, before
returning -EFAULT.

Warmly,

Philip

linux/2.4.4/drivers/media/video/zr36120.c Fri Mar 2 11:12:10 2001
+++ zr36120.c Mon May 21 13:26:17 2001
@@ -1195,8 +1195,10 @@
if (vcp==NULL)
return -ENOMEM;
if (vw.clipcount &&
copy_from_user(vcp,vw.clips,sizeof(struct video_clip)*vw.clipcount))
- return -EFAULT;
-
+ {
+ vfree(vcp);
+ return -EFAULT;
+ }
on = ztv->running;
if (on)
zoran_cap(ztv, 0);

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ben Pfaff: "[patch] Bug-fix for Maestro dock/hardware volume control patch"
Previous message: Jonathan Morton: "Re: Background to the argument about CML2 design philosophy"