This is an automatic generated email to let you know that the following patch were queued at the http://git.linuxtv.org/cgit.cgi/v4l-utils.git tree:
Subject: edid-decode: fix buffer overread on displayid block parsing Author: Maciej Miszczyk <mmiszc...@logitech.com> Date: Fri Dec 13 11:16:34 2024 +0100 Fix buffer overread on displayid block parsing. Signed-off-by: Maciej Miszczyk <mmiszc...@logitech.com> Signed-off-by: Hans Verkuil <hverk...@xs4all.nl> utils/edid-decode/parse-displayid-block.cpp | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- http://git.linuxtv.org/cgit.cgi/v4l-utils.git/commit/?id=5858354467771eee50a4efb02698a75891ad8701 diff --git a/utils/edid-decode/parse-displayid-block.cpp b/utils/edid-decode/parse-displayid-block.cpp index b4165921b893..21590246f8c4 100644 --- a/utils/edid-decode/parse-displayid-block.cpp +++ b/utils/edid-decode/parse-displayid-block.cpp @@ -2159,6 +2159,7 @@ void edid_state::parse_displayid_block(const unsigned char *x) } unsigned len; + unsigned saved_length = length; for (const unsigned char *y = x + 5; length > 0; y += len) { len = displayid_block(version, y, length); length -= len; @@ -2170,10 +2171,10 @@ void edid_state::parse_displayid_block(const unsigned char *x) * (excluding DisplayID-in-EDID magic byte) */ data_block.clear(); - do_checksum(" ", x + 1, x[2] + 5, x[2] + 4); + do_checksum(" ", x + 1, saved_length, x[2] + 4); - unused_bytes = 0x7f - (1 + x[2] + 5); - if (!memchk(x + 1 + x[2] + 5, unused_bytes)) { + unused_bytes = 0x7f - (1 + saved_length + 5); + if (!memchk(x + 1 + saved_length + 5, unused_bytes)) { data_block = "Padding"; fail("Contains non-zero bytes.\n"); }
