On 08/31/2015 03:40 PM, Mauro Carvalho Chehab wrote:
> Em Mon, 31 Aug 2015 14:47:03 +0200
> Hans Verkuil <[email protected]> escreveu:
>
>> On 08/30/2015 05:07 AM, Mauro Carvalho Chehab wrote:
>>> Add support for the new MEDIA_IOC_G_TOPOLOGY ioctl, according
>>> with the RFC for the MC next generation.
>>>
>>> Signed-off-by: Mauro Carvalho Chehab <[email protected]>
>>>
>>> diff --git a/drivers/media/media-device.c b/drivers/media/media-device.c
>>> index 5b2c9f7fcd45..a91e1ec076a6 100644
>>> --- a/drivers/media/media-device.c
>>> +++ b/drivers/media/media-device.c
>>> @@ -232,6 +232,136 @@ static long media_device_setup_link(struct
>>> media_device *mdev,
>>> return ret;
>>> }
>>>
>>> +static long __media_device_get_topology(struct media_device *mdev,
>>> + struct media_v2_topology *topo)
>>> +{
>>> + struct media_entity *entity;
>>> + struct media_interface *intf;
>>> + struct media_pad *pad;
>>> + struct media_link *link;
>>> + struct media_v2_entity uentity;
>>> + struct media_v2_interface uintf;
>>> + struct media_v2_pad upad;
>>> + struct media_v2_link ulink;
>>> + int ret = 0, i;
>>> +
>>> + topo->topology_version = mdev->topology_version;
>>> +
>>> + /* Get entities and number of entities */
>>> + i = 0;
>>> + media_device_for_each_entity(entity, mdev) {
>>> + i++;
>>> +
>>> + if (ret || !topo->entities)
>>> + continue;
>>
>> I would add:
>>
>> if (i > topo->num_entities)
>> continue;
>>
>> The copy_to_user can succeed, even if i > num_entities depending on how the
>> memory was allocated. So I would always check num_entities and refuse to go
>> beyond it.
>
> I think that the best is:
>
> if (i > topo->num_entities) {
> ret = -ENOSPC;
> continue;
> }
Agreed.
Regards,
Hans
--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
