dect
/
linux-2.6
Archived
13
0
Fork 0
Code Releases Activity

V4L/DVB (5076): Cpia.c: buffer overflow 

If assigned minor is 10 or greater, terminator will be put beyound the end.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
This commit is contained in:
Alexey Dobriyan 2007-01-14 15:29:42 -03:00 committed by Mauro Carvalho Chehab
parent c74e006268
commit 13071f0a58
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
drivers/media/video/cpia.c
View File

@ -1350,13 +1350,13 @@ out:
static void create_proc_cpia_cam(struct cam_data *cam)
{
char name[7];
char name[5 + 1 + 10 + 1];
struct proc_dir_entry *ent;
if (!cpia_proc_root || !cam)
return;
sprintf(name, "video%d", cam->vdev.minor);
snprintf(name, sizeof(name), "video%d", cam->vdev.minor);
ent = create_proc_entry(name, S_IFREG|S_IRUGO|S_IWUSR, cpia_proc_root);
if (!ent)
@ -1376,12 +1376,12 @@ static void create_proc_cpia_cam(struct cam_data *cam)
static void destroy_proc_cpia_cam(struct cam_data *cam)
{
char name[7];
char name[5 + 1 + 10 + 1];
if (!cam || !cam->proc_entry)
return;
sprintf(name, "video%d", cam->vdev.minor);
snprintf(name, sizeof(name), "video%d", cam->vdev.minor);
remove_proc_entry(name, cpia_proc_root);
cam->proc_entry = NULL;
}