On Mon, Nov 20, 2017 at 02:36:20PM +0100, Hans Verkuil wrote:
> On 11/13/2017 06:04 PM, Ville Syrjala wrote:
> > From: Ville Syrjälä <ville.syrj...@linux.intel.com>
<snip>
> > @@ -1163,7 +1176,7 @@ static int hdmi_audio_infoframe_unpack(struct
> > hdmi_audio_infoframe *frame,
> > */
> > static int
> > hdmi_vendor_any_infoframe_unpack(union hdmi_vendor_any_infoframe *frame,
> > - const void *buffer)
> > + const void *buffer, size_t size)
> > {
> > const u8 *ptr = buffer;
> > size_t length;
> > @@ -1171,6 +1184,9 @@ hdmi_vendor_any_infoframe_unpack(union
> > hdmi_vendor_any_infoframe *frame,
> > u8 hdmi_video_format;
> > struct hdmi_vendor_infoframe *hvf = &frame->hdmi;
> >
> > + if (size < HDMI_INFOFRAME_HEADER_SIZE)
> > + return -EINVAL;
> > +
>
> This check is not needed since that is already done in
> hdmi_infoframe_unpack().
Hmm. True. Somehow I was expecting that this function would have been
exported on its own, but it's static so clearly I was mistaken.
The pack functions are individually exported, which is where I got
this idea probably.
>
> > if (ptr[0] != HDMI_INFOFRAME_TYPE_VENDOR ||
> > ptr[1] != 1 ||
> > (ptr[2] != 4 && ptr[2] != 5 && ptr[2] != 6))
> > @@ -1178,6 +1194,9 @@ hdmi_vendor_any_infoframe_unpack(union
> > hdmi_vendor_any_infoframe *frame,
> >
> > length = ptr[2];
> >
> > + if (size < HDMI_INFOFRAME_HEADER_SIZE + length)
> > + return -EINVAL;
> > +
> > if (hdmi_infoframe_checksum(buffer,
> > HDMI_INFOFRAME_HEADER_SIZE + length) != 0)
> > return -EINVAL;
--
Ville Syrjälä
Intel OTC
