bttv: tracked down memory corruption bug

Gerd Knorr (kraxel@goldbach.isdn.cs.tu-berlin.de)
Sat, 7 Feb 1998 12:30:32 +0100 (MET)


Hi!

Tracked down a bug in bttv. It writes past the end of the kmalloced
memory. Quick fix attached. Not sure if this is the correct fix, maybe
the pointer arithmetic is wrong (risc_jmp and vbi_odd are dword*, not
char*).

Gerd

------------------------------------------------------------------
--- linux/drivers/char/bttv.c~ Sat Jan 24 15:01:58 1998
+++ linux/drivers/char/bttv.c Sat Feb 7 12:20:37 1998
@@ -1685,7 +1685,7 @@
return -1;
if (!(btv->risc_even=(dword *) kmalloc(RISCMEM_LEN/2, GFP_KERNEL)))
return -1;
- if (!(btv->risc_jmp =(dword *) kmalloc(1024, GFP_KERNEL)))
+ if (!(btv->risc_jmp =(dword *) kmalloc(2048, GFP_KERNEL)))
return -1;
btv->vbi_odd=btv->risc_jmp+12;
btv->vbi_even=btv->vbi_odd+256;
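
Review bot: the new size 2048 in the risc_jmp kmalloc is still a magic number with no visible link to the layout carved out of the buffer in the two context lines that follow it. Because risc_jmp and vbi_odd are dword*, risc_jmp+12 and vbi_odd+256 advance in dword units, so (assuming a 4-byte dword) vbi_even starts 1072 bytes into the buffer, which is already past the old 1024-byte allocation. Whether 2048 bytes is enough depends on how many dwords are written starting at vbi_even, and this hunk does not show that. Suggest naming the three region lengths and computing the kmalloc size from their sum times sizeof(dword), so the allocation and the offsets cannot drift apart. Separately, the return -1 on this failure path exits without freeing risc_even here; worth checking that the caller releases it.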
