media: gspca: zero usb_buf on error - kernel/linux.git

diff options

author	Hans Verkuil <hverkuil-cisco@xs4all.nl>	2019-08-16 09:38:13 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2019-10-05 13:30:21 +0300
commit	b44a551c9ef0f8fa97cad541ece10cb5fd1f7a35 (patch)
tree	9b61f624c49644d5fe7d87e4c6705f0cfc7c0449 /drivers/pcmcia
parent	f61ee509a2fc5dcfad5bb3353075c366d296d3fd (diff)
download	linux-b44a551c9ef0f8fa97cad541ece10cb5fd1f7a35.tar.xz

media: gspca: zero usb_buf on error

[ Upstream commit 4843a543fad3bf8221cf14e5d5f32d15cee89e84 ] If reg_r() fails, then gspca_dev->usb_buf was left uninitialized, and some drivers used the contents of that buffer in logic. This caused several syzbot errors: https://syzkaller.appspot.com/bug?extid=397fd082ce5143e2f67d https://syzkaller.appspot.com/bug?extid=1a35278dd0ebfb3a038a https://syzkaller.appspot.com/bug?extid=06ddf1788cfd048c5e82 I analyzed the gspca drivers and zeroed the buffer where needed. Reported-and-tested-by: syzbot+1a35278dd0ebfb3a038a@syzkaller.appspotmail.com Reported-and-tested-by: syzbot+397fd082ce5143e2f67d@syzkaller.appspotmail.com Reported-and-tested-by: syzbot+06ddf1788cfd048c5e82@syzkaller.appspotmail.com Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>

Diffstat (limited to 'drivers/pcmcia')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: