This is an automatic generated email to let you know that the following patch were queued at the http://git.linuxtv.org/cgit.cgi/v4l-utils.git tree:
Subject: edid-decode: fix transfer characteristics buffer overread Author: Maciej Miszczyk <mmiszc...@logitech.com> Date: Fri Dec 13 13:39:25 2024 +0100 Fix transfer characteristics buffer overread. Signed-off-by: Maciej Miszczyk <mmiszc...@logitech.com> Signed-off-by: Hans Verkuil <hverk...@xs4all.nl> utils/edid-decode/parse-displayid-block.cpp | 6 ++++++ 1 file changed, 6 insertions(+) --- http://git.linuxtv.org/cgit.cgi/v4l-utils.git/commit/?id=f5ef04881c99e71e063c50d3f05b413d0f67c7e9 diff --git a/utils/edid-decode/parse-displayid-block.cpp b/utils/edid-decode/parse-displayid-block.cpp index 0b6d7dcfd1d1..011840c4e2e6 100644 --- a/utils/edid-decode/parse-displayid-block.cpp +++ b/utils/edid-decode/parse-displayid-block.cpp @@ -739,6 +739,12 @@ void edid_state::parse_displayid_transfer_characteristics(const unsigned char *x printf(" Response curve #%u:", i - first_is_white); unsigned samples = x[offset]; + + if (offset + samples >= len) { + fail("Length %u is too small to hold %u samples at %u offset.\n", + len, samples, offset); + break; + } if (four_param) { if (samples != 5) fail("Expected 5 samples.\n");
