V4L/DVB (7729): Fix VIDIOCGAP corruption in ivtv
authorAlan Cox <alan@lxorguk.ukuu.org.uk>
Sun, 20 Apr 2008 14:27:36 +0000 (11:27 -0300)
committerMauro Carvalho Chehab <mchehab@infradead.org>
Thu, 24 Apr 2008 17:09:50 +0000 (14:09 -0300)
Frank Bennett reported that ivtv was causing skype to crash. With help
from one of their developers he showed it was a kernel problem.
VIDIOCGCAP copies a name into a fixed length buffer - ivtv uses names
that are too long and does not truncate them so corrupts a few bytes of
the app data area.

Possibly the names also want trimming but for now this should fix the
corruption case.

Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
drivers/media/video/ivtv/ivtv-ioctl.c

index 90f59c4155aef9b8a8d680bbe38dd527ea1b4c32..15cac1812122e22c11805e3fe006c5111f2581ae 100644 (file)
@@ -742,7 +742,8 @@ int ivtv_v4l2_ioctls(struct ivtv *itv, struct file *filp, unsigned int cmd, void
 
                memset(vcap, 0, sizeof(*vcap));
                strcpy(vcap->driver, IVTV_DRIVER_NAME);     /* driver name */
-               strcpy(vcap->card, itv->card_name);         /* card type */
+               strncpy(vcap->card, itv->card_name,
+                               sizeof(vcap->card)-1);      /* card type */
                strcpy(vcap->bus_info, pci_name(itv->dev)); /* bus info... */
                vcap->version = IVTV_DRIVER_VERSION;        /* version */
                vcap->capabilities = itv->v4l2_cap;         /* capabilities */