Xi Wang dfd8ee92a9 Staging: comedi: fix integer overflow in do_insnlist_ioctl() ... There is a potential integer overflow in do_insnlist_ioctl() if userspace passes in a large insnlist.n_insns. The call to kmalloc() would allocate a small buffer, leading to a memory corruption. The bug was reported by Dan Carpenter <dan.carpenter@oracle.com> and Haogang Chen <haogangchen@gmail.com>. The patch was suggested by Ian Abbott <abbotti@mev.co.uk> and Lars-Peter Clausen <lars@metafoo.de>. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Reported-by: Haogang Chen <haogangchen@gmail.com>. Cc: Ian Abbott <abbotti@mev.co.uk> Cc: Lars-Peter Clausen <lars@metafoo.de> Signed-off-by: Xi Wang <xi.wang@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>		2011-11-28 04:38:45 +09:00
..
drivers	staging: comedi: usbduxsigma: Fixed wrong range for the analogue channel.	2011-11-26 18:34:14 -08:00
kcomedilib
comedi_compat32.c
comedi_compat32.h
comedi_fops.c	Staging: comedi: fix integer overflow in do_insnlist_ioctl()	2011-11-28 04:38:45 +09:00
comedi_fops.h
comedi.h
comedidev.h	staging: comedi: remove COMEDI_DEVICE_CREATE macro, expand all callers	2011-07-06 08:22:49 -07:00
comedilib.h
drivers.c
internal.h
Kconfig	staging: comedi: new driver usbduxsigma	2011-08-23 12:00:45 -07:00
Makefile
proc.c
range.c
TODO