linux/include
Sudeep Dutt 3b1cc9b962 misc: mic: fix possible signed underflow (undefined behavior) in userspace API
iovcnt is declared as a signed integer in both the userspace API and
as a local variable in mic_virtio.c. The while() loop in mic_virtio.c
iterates until the local variable iovcnt reaches the value 0. If
userspace passes e.g. INT_MIN as iovcnt field, this loop then appears
to depend on an undefined behavior (signed underflow) to complete.
The fix is to use unsigned integers in both the userspace API and
the local variable.

This issue was reported @ https://lkml.org/lkml/2014/1/10/10

Reported-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Reviewed-by: Ashutosh Dixit <ashutosh.dixit@intel.com>
Signed-off-by: Sudeep Dutt <sudeep.dutt@intel.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-02-07 15:30:34 -08:00
..
acpi Merge branches 'acpi-processor', 'acpi-hotplug', 'acpi-init', 'acpi-pm' and 'acpica' 2014-01-29 11:47:18 +01:00
asm-generic Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2014-01-27 21:03:39 -08:00
clocksource
crypto
drm drm/tegra: Changes for v3.14-rc1 (update) 2014-01-29 12:03:56 +10:00
dt-bindings Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2014-01-30 17:07:18 -08:00
keys
kvm
linux Drivers: hv: vmbus: Specify the target CPU that should receive notification 2014-02-07 08:27:34 -08:00
math-emu math-emu: fix floating-point to integer overflow detection 2014-01-07 18:36:24 -06:00
media [media] saa6588: add support for non-blocking mode 2014-01-07 07:42:19 -02:00
memory
misc
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2014-01-25 11:17:34 -08:00
pcmcia
ras
rdma Merge branch 'ip-roce' into for-next 2014-01-22 23:24:21 -08:00
rxrpc
scsi Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2014-01-31 15:31:23 -08:00
sound ARM: SoC board updates for 3.14 2014-01-23 18:48:28 -08:00
target Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2014-01-31 15:31:23 -08:00
trace Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2014-01-31 09:31:14 -08:00
uapi misc: mic: fix possible signed underflow (undefined behavior) in userspace API 2014-02-07 15:30:34 -08:00
video video: pxa168fb: Cleanup pxa168fb.h file 2014-01-17 10:57:43 +02:00
xen Bug-fixes: 2014-01-31 08:38:18 -08:00
Kbuild