Dan Carpenter <dan.carpen...@oracle.com> writes:

> Good eye for spotting the memory corruption bug!
>
> This is a bug fix, so the fix should go in a separate patch and not
> merged with a code cleanup patch.  Ordinary users can trigger this so
> it's a security bug and separating it out is extra important.

Ok.  I just sent up a patch to the driverdev list.  I missed a few
of the Cc's that were on this thread, though.
Also, it will conflict with Raphael's cleanup.

> The checking in spk_set_num_var() is not sufficient as well.  If we use
> E_INC then we can hit an integer overflow bug:

Good catch.  In fact, we shouldn't be using input at all!  Instead, we
need to use the value of the voice parameter after it was changed.  That
will be a valid index into the two tables.  My patch does so.

-- Chris
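
The point made in the reply above, sketched as an added example; this is not the patch from this thread and not the driver's code. The names `set_num_var`, `select_voice`, the struct layout and both tables are hypothetical, and the overflow check assumes the GCC/Clang `__builtin_*_overflow` builtins.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical, simplified model of a bounded numeric setting.
 * Names and table contents are constructed; this is not driver code. */
enum how { E_SET, E_INC, E_DEC };

struct num_var { int value, low, high; };

/* Two constructed lookup tables, both indexed by the voice number. */
static const int voice_pitch[] = { 2, 5, 8 };
static const int voice_rate[]  = { 1, 4, 9 };

/* Update v according to how; return 0 on success, -1 if the result would
 * overflow int or fall outside [low, high]. v is unchanged on error. */
static int set_num_var(struct num_var *v, int input, enum how how)
{
	int val = input;

	/* Overflow-checked arithmetic: a plain value + input with
	 * input == INT_MAX can wrap and slip past the range test below. */
	if (how == E_INC && __builtin_add_overflow(v->value, input, &val))
		return -1;
	if (how == E_DEC && __builtin_sub_overflow(v->value, input, &val))
		return -1;
	if (val < v->low || val > v->high)
		return -1;
	v->value = val;
	return 0;
}

/* Apply a voice change and fetch the entries from both tables. */
static int select_voice(struct num_var *voice, int input, enum how how,
			int *pitch, int *rate)
{
	if (set_num_var(voice, input, how) != 0)
		return -1;
	/* Index with the stored, range-checked value. The raw input is
	 * only a delta for E_INC/E_DEC and is never a safe index. */
	*pitch = voice_pitch[voice->value];
	*rate = voice_rate[voice->value];
	return 0;
}

int main(void)
{
	struct num_var voice = { 0, 0, 2 };
	int p = 0, r = 0;

	printf("%d\n", select_voice(&voice, INT_MAX, E_INC, &p, &r));
	return 0;
}
```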