V4L: Fix VIDIOCGAP corruption in ivtv

Frank Bennett reported that ivtv was causing skype to crash. With help
from one of their developers he showed it was a kernel problem.
VIDIOCGCAP copies a name into a fixed length buffer - ivtv uses names
that are too long and does not truncate them so corrupts a few bytes of
the app data area.

Possibly the names also want trimming but for now this should fix the
corruption case.

Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
(cherry picked from commit d2b213f7b76f187c4391079c7581d3a08b940133)
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/drivers/media/video/ivtv/ivtv-ioctl.c b/drivers/media/video/ivtv/ivtv-ioctl.c
index fd6826f472e3c99ac50029602e0e38ffc136aba7..da9a10ef773f727ddc3d07f59502757712b65237 100644 (file)
--- a/drivers/media/video/ivtv/ivtv-ioctl.c
+++ b/drivers/media/video/ivtv/ivtv-ioctl.c
@@ -727,7 +727,8 @@ int ivtv_v4l2_ioctls(struct ivtv *itv, struct file *filp, unsigned int cmd, void
 
                memset(vcap, 0, sizeof(*vcap));
                strcpy(vcap->driver, IVTV_DRIVER_NAME);     /* driver name */
-               strcpy(vcap->card, itv->card_name);         /* card type */
+               strncpy(vcap->card, itv->card_name,
+                               sizeof(vcap->card)-1);      /* card type */
                strcpy(vcap->bus_info, pci_name(itv->dev)); /* bus info... */
                vcap->version = IVTV_DRIVER_VERSION;        /* version */
                vcap->capabilities = itv->v4l2_cap;         /* capabilities */