[PATCH 361/641] Staging: dream, fix buf overflow

Greg Kroah-Hartman gregkh at suse.de
Tue Sep 15 19:09:52 UTC 2009


From: Jiri Slaby <jirislaby at gmail.com>

In vfe_send_msg_no_payload there is a wrong struct vfe_message allocation.
It allocates only sizeof(pointer to vfe_message) for a whole structure.
Add a dereference to the sizeof to allocate sizeof(vfe_message).

Signed-off-by: Jiri Slaby <jirislaby at gmail.com>
Acked-by: Pavel Machek <pavel at ucw.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
---
 drivers/staging/dream/camera/msm_vfe8x_proc.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/drivers/staging/dream/camera/msm_vfe8x_proc.c b/drivers/staging/dream/camera/msm_vfe8x_proc.c
index bb65013..5436f71 100644
--- a/drivers/staging/dream/camera/msm_vfe8x_proc.c
+++ b/drivers/staging/dream/camera/msm_vfe8x_proc.c
@@ -818,7 +818,7 @@ static void vfe_send_msg_no_payload(enum VFE_MESSAGE_ID id)
 {
 	struct vfe_message *msg;
 
-	msg = kzalloc(sizeof(msg), GFP_ATOMIC);
+	msg = kzalloc(sizeof(*msg), GFP_ATOMIC);
 	if (!msg)
 		return;
 
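Review bot: On the context lines right after the corrected kzalloc(), `if (!msg) return;` drops the message silently when the GFP_ATOMIC allocation fails, and because vfe_send_msg_no_payload() is declared void the caller cannot tell that the message for `id` was never sent. Consider logging the failure (rate-limited) or propagating an error. The sizeof(*msg) form itself is the right idiom, since it follows the pointee type if the declaration changes; it would be worth checking any other kzalloc() calls in this file for the same sizeof(pointer) pattern while here.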
-- 
1.6.4.2



