Re: [PATCH 02/18] video/hdmi: Pass buffer size to infoframe unpack functions
On 09/20/18 20:51, Ville Syrjala wrote: > From: Ville Syrjälä > > To make sure the infoframe unpack functions don't end up examining > stack garbage or oopsing, let's pass in the size of the buffer. > > v2: Convert tda1997x.c as well (kbuild test robot) > > Cc: Thierry Reding > Cc: Hans Verkuil Acked-by: Hans Verkuil Thanks, Hans > Cc: linux-me...@vger.kernel.org > Signed-off-by: Ville Syrjälä > --- > drivers/media/i2c/adv7511.c | 2 +- > drivers/media/i2c/adv7604.c | 2 +- > drivers/media/i2c/adv7842.c | 2 +- > drivers/media/i2c/tc358743.c | 2 +- > drivers/media/i2c/tda1997x.c | 4 ++-- > drivers/video/hdmi.c | 51 > > include/linux/hdmi.h | 2 +- > 7 files changed, 44 insertions(+), 21 deletions(-) > > diff --git a/drivers/media/i2c/adv7511.c b/drivers/media/i2c/adv7511.c > index 55c2ea0720d9..b85b181bbb6c 100644 > --- a/drivers/media/i2c/adv7511.c > +++ b/drivers/media/i2c/adv7511.c > @@ -550,7 +550,7 @@ static void log_infoframe(struct v4l2_subdev *sd, const > struct adv7511_cfg_read_ > buffer[3] = 0; > buffer[3] = hdmi_infoframe_checksum(buffer, len + 4); > > - if (hdmi_infoframe_unpack(, buffer) < 0) { > + if (hdmi_infoframe_unpack(, buffer, sizeof(buffer)) < 0) { > v4l2_err(sd, "%s: unpack of %s infoframe failed\n", __func__, > cri->desc); > return; > } > diff --git a/drivers/media/i2c/adv7604.c b/drivers/media/i2c/adv7604.c > index 668be2bca57a..2e7a28dbad4e 100644 > --- a/drivers/media/i2c/adv7604.c > +++ b/drivers/media/i2c/adv7604.c > @@ -2418,7 +2418,7 @@ static int adv76xx_read_infoframe(struct v4l2_subdev > *sd, int index, > buffer[i + 3] = infoframe_read(sd, > adv76xx_cri[index].payload_addr + i); > > - if (hdmi_infoframe_unpack(frame, buffer) < 0) { > + if (hdmi_infoframe_unpack(frame, buffer, sizeof(buffer)) < 0) { > v4l2_err(sd, "%s: unpack of %s infoframe failed\n", __func__, >adv76xx_cri[index].desc); > return -ENOENT; > diff --git a/drivers/media/i2c/adv7842.c b/drivers/media/i2c/adv7842.c > index 4f8fbdd00e35..2cfd03f929b2 100644 > --- a/drivers/media/i2c/adv7842.c > +++ b/drivers/media/i2c/adv7842.c > @@ -2563,7 +2563,7 @@ static void log_infoframe(struct v4l2_subdev *sd, > struct adv7842_cfg_read_infofr > for (i = 0; i < len; i++) > buffer[i + 3] = infoframe_read(sd, cri->payload_addr + i); > > - if (hdmi_infoframe_unpack(, buffer) < 0) { > + if (hdmi_infoframe_unpack(, buffer, sizeof(buffer)) < 0) { > v4l2_err(sd, "%s: unpack of %s infoframe failed\n", __func__, > cri->desc); > return; > } > diff --git a/drivers/media/i2c/tc358743.c b/drivers/media/i2c/tc358743.c > index 44c41933415a..519bf92508d5 100644 > --- a/drivers/media/i2c/tc358743.c > +++ b/drivers/media/i2c/tc358743.c > @@ -444,7 +444,7 @@ static void print_avi_infoframe(struct v4l2_subdev *sd) > > i2c_rd(sd, PK_AVI_0HEAD, buffer, HDMI_INFOFRAME_SIZE(AVI)); > > - if (hdmi_infoframe_unpack(, buffer) < 0) { > + if (hdmi_infoframe_unpack(, buffer, sizeof(buffer)) < 0) { > v4l2_err(sd, "%s: unpack of AVI infoframe failed\n", __func__); > return; > } > diff --git a/drivers/media/i2c/tda1997x.c b/drivers/media/i2c/tda1997x.c > index d114ac5243ec..195a1fc74ee8 100644 > --- a/drivers/media/i2c/tda1997x.c > +++ b/drivers/media/i2c/tda1997x.c > @@ -1253,7 +1253,7 @@ tda1997x_parse_infoframe(struct tda1997x_state *state, > u16 addr) > > /* read data */ > len = io_readn(sd, addr, sizeof(buffer), buffer); > - err = hdmi_infoframe_unpack(, buffer); > + err = hdmi_infoframe_unpack(, buffer, sizeof(buffer)); > if (err) { > v4l_err(state->client, > "failed parsing %d byte infoframe: 0x%04x/0x%02x\n", > @@ -1928,7 +1928,7 @@ static int tda1997x_log_infoframe(struct v4l2_subdev > *sd, int addr) > /* read data */ > len = io_readn(sd, addr, sizeof(buffer), buffer); > v4l2_dbg(1, debug, sd, "infoframe: addr=%d len=%d\n", addr, len); > - err = hdmi_infoframe_unpack(, buffer); > + err = hdmi_infoframe_unpack(, buffer, sizeof(buffer)); > if (err) { > v4l_err(state->client, > "failed parsing %d byte infoframe: 0x%04x/0x%02x\n", > diff --git a/drivers/video/hdmi.c b/drivers/video/hdmi.c > index 65b915ea4936..b5d491014b0b 100644 > --- a/drivers/video/hdmi.c > +++ b/drivers/video/hdmi.c > @@ -1005,8 +1005,9 @@ EXPORT_SYMBOL(hdmi_infoframe_log); > > /** > * hdmi_avi_infoframe_unpack() - unpack binary buffer to a HDMI AVI infoframe > - * @buffer: source buffer > * @frame: HDMI AVI infoframe > + * @buffer: source buffer > + * @size: size of buffer > * > * Unpacks the information contained in binary @buffer into a structured > *
[PATCH 02/18] video/hdmi: Pass buffer size to infoframe unpack functions
From: Ville Syrjälä To make sure the infoframe unpack functions don't end up examining stack garbage or oopsing, let's pass in the size of the buffer. v2: Convert tda1997x.c as well (kbuild test robot) Cc: Thierry Reding Cc: Hans Verkuil Cc: linux-me...@vger.kernel.org Signed-off-by: Ville Syrjälä --- drivers/media/i2c/adv7511.c | 2 +- drivers/media/i2c/adv7604.c | 2 +- drivers/media/i2c/adv7842.c | 2 +- drivers/media/i2c/tc358743.c | 2 +- drivers/media/i2c/tda1997x.c | 4 ++-- drivers/video/hdmi.c | 51 include/linux/hdmi.h | 2 +- 7 files changed, 44 insertions(+), 21 deletions(-) diff --git a/drivers/media/i2c/adv7511.c b/drivers/media/i2c/adv7511.c index 55c2ea0720d9..b85b181bbb6c 100644 --- a/drivers/media/i2c/adv7511.c +++ b/drivers/media/i2c/adv7511.c @@ -550,7 +550,7 @@ static void log_infoframe(struct v4l2_subdev *sd, const struct adv7511_cfg_read_ buffer[3] = 0; buffer[3] = hdmi_infoframe_checksum(buffer, len + 4); - if (hdmi_infoframe_unpack(, buffer) < 0) { + if (hdmi_infoframe_unpack(, buffer, sizeof(buffer)) < 0) { v4l2_err(sd, "%s: unpack of %s infoframe failed\n", __func__, cri->desc); return; } diff --git a/drivers/media/i2c/adv7604.c b/drivers/media/i2c/adv7604.c index 668be2bca57a..2e7a28dbad4e 100644 --- a/drivers/media/i2c/adv7604.c +++ b/drivers/media/i2c/adv7604.c @@ -2418,7 +2418,7 @@ static int adv76xx_read_infoframe(struct v4l2_subdev *sd, int index, buffer[i + 3] = infoframe_read(sd, adv76xx_cri[index].payload_addr + i); - if (hdmi_infoframe_unpack(frame, buffer) < 0) { + if (hdmi_infoframe_unpack(frame, buffer, sizeof(buffer)) < 0) { v4l2_err(sd, "%s: unpack of %s infoframe failed\n", __func__, adv76xx_cri[index].desc); return -ENOENT; diff --git a/drivers/media/i2c/adv7842.c b/drivers/media/i2c/adv7842.c index 4f8fbdd00e35..2cfd03f929b2 100644 --- a/drivers/media/i2c/adv7842.c +++ b/drivers/media/i2c/adv7842.c @@ -2563,7 +2563,7 @@ static void log_infoframe(struct v4l2_subdev *sd, struct adv7842_cfg_read_infofr for (i = 0; i < len; i++) buffer[i + 3] = infoframe_read(sd, cri->payload_addr + i); - if (hdmi_infoframe_unpack(, buffer) < 0) { + if (hdmi_infoframe_unpack(, buffer, sizeof(buffer)) < 0) { v4l2_err(sd, "%s: unpack of %s infoframe failed\n", __func__, cri->desc); return; } diff --git a/drivers/media/i2c/tc358743.c b/drivers/media/i2c/tc358743.c index 44c41933415a..519bf92508d5 100644 --- a/drivers/media/i2c/tc358743.c +++ b/drivers/media/i2c/tc358743.c @@ -444,7 +444,7 @@ static void print_avi_infoframe(struct v4l2_subdev *sd) i2c_rd(sd, PK_AVI_0HEAD, buffer, HDMI_INFOFRAME_SIZE(AVI)); - if (hdmi_infoframe_unpack(, buffer) < 0) { + if (hdmi_infoframe_unpack(, buffer, sizeof(buffer)) < 0) { v4l2_err(sd, "%s: unpack of AVI infoframe failed\n", __func__); return; } diff --git a/drivers/media/i2c/tda1997x.c b/drivers/media/i2c/tda1997x.c index d114ac5243ec..195a1fc74ee8 100644 --- a/drivers/media/i2c/tda1997x.c +++ b/drivers/media/i2c/tda1997x.c @@ -1253,7 +1253,7 @@ tda1997x_parse_infoframe(struct tda1997x_state *state, u16 addr) /* read data */ len = io_readn(sd, addr, sizeof(buffer), buffer); - err = hdmi_infoframe_unpack(, buffer); + err = hdmi_infoframe_unpack(, buffer, sizeof(buffer)); if (err) { v4l_err(state->client, "failed parsing %d byte infoframe: 0x%04x/0x%02x\n", @@ -1928,7 +1928,7 @@ static int tda1997x_log_infoframe(struct v4l2_subdev *sd, int addr) /* read data */ len = io_readn(sd, addr, sizeof(buffer), buffer); v4l2_dbg(1, debug, sd, "infoframe: addr=%d len=%d\n", addr, len); - err = hdmi_infoframe_unpack(, buffer); + err = hdmi_infoframe_unpack(, buffer, sizeof(buffer)); if (err) { v4l_err(state->client, "failed parsing %d byte infoframe: 0x%04x/0x%02x\n", diff --git a/drivers/video/hdmi.c b/drivers/video/hdmi.c index 65b915ea4936..b5d491014b0b 100644 --- a/drivers/video/hdmi.c +++ b/drivers/video/hdmi.c @@ -1005,8 +1005,9 @@ EXPORT_SYMBOL(hdmi_infoframe_log); /** * hdmi_avi_infoframe_unpack() - unpack binary buffer to a HDMI AVI infoframe - * @buffer: source buffer * @frame: HDMI AVI infoframe + * @buffer: source buffer + * @size: size of buffer * * Unpacks the information contained in binary @buffer into a structured * @frame of the HDMI Auxiliary Video (AVI) information frame. @@ -1016,11 +1017,14 @@ EXPORT_SYMBOL(hdmi_infoframe_log); * Returns 0 on success or a negative error code on failure. */ static int hdmi_avi_infoframe_unpack(struct