This is an automatically generated email to let you know that the following patch was queued in the http://git.linuxtv.org/cgit.cgi/v4l-utils.git tree:
Subject: edid-decode: fix buffer overread on product identification parsing
Author: Maciej Miszczyk <mmiszc...@logitech.com>
Date: Thu Dec 12 13:20:39 2024 +0100
Fix buffer overread on product identification parsing.
Signed-off-by: Maciej Miszczyk <mmiszc...@logitech.com>
Signed-off-by: Hans Verkuil <hverk...@xs4all.nl>
utils/edid-decode/parse-displayid-block.cpp | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
---
http://git.linuxtv.org/cgit.cgi/v4l-utils.git/commit/?id=1ec98ca6eedf2aa706ee4a79d3a58707b31aa668
diff --git a/utils/edid-decode/parse-displayid-block.cpp b/utils/edid-decode/parse-displayid-block.cpp
index 21590246f8c4..6f7d8495c5f2 100644
--- a/utils/edid-decode/parse-displayid-block.cpp
+++ b/utils/edid-decode/parse-displayid-block.cpp
@@ -97,8 +97,12 @@ void edid_state::parse_displayid_product_id(const unsigned char *x)
 printf(", Week %u", week);
 printf("\n");
 if (x[14]) {
- char buf[256];
-
+ const unsigned char maxlen = EDID_PAGE_SIZE - 15;
+ char buf[maxlen];
+ if (x[14] >= maxlen) {
+ fail("Product ID length is more than expected (%u >= %u).\n", x[14], maxlen);
+ return;
+ }
 memcpy(buf, x + 15, x[14]);
 buf[x[14]] = 0;
 printf(" Product ID: %s\n", buf);
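Review bot: The new bound `maxlen = EDID_PAGE_SIZE - 15` is only tight if `x` points at the first byte of an EDID page, while `memcpy(buf, x + 15, x[14])` reads relative to `x`. If the caller passes a pointer to a data block further into the page (the call site and the rest of the function are outside this hunk), a length that passes the check can still read beyond the end of the page. Consider bounding the string by the data block's own declared payload length instead, for example `if (x[2] < 12 || x[14] > x[2] - 12) {` ahead of the existing `fail(...)`/`return`. This assumes `x[2]` holds the payload length as in the DisplayID data block layout and that the caller has already validated it against the bytes remaining in the buffer; please confirm both. A short comment above `maxlen` stating which offset `x` is assumed to have would also make the invariant checkable in review.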