[PATCH 4.9 40/88] media: v4l2-compat-ioctl32.c: avoid sizeof(type)

2018-02-15 Thread Greg Kroah-Hartman
4.9-stable review patch.  If anyone has any objections, please let me know.

--

From: Hans Verkuil 

commit 333b1e9f96ce05f7498b581509bb30cde03018bf upstream.

Instead of doing sizeof(struct foo) use sizeof(*up). There even were
cases where 4 * sizeof(__u32) was used instead of sizeof(kp->reserved),
which is very dangerous when the size of the reserved array changes.

Signed-off-by: Hans Verkuil 
Acked-by: Sakari Ailus 
Signed-off-by: Mauro Carvalho Chehab 
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/media/v4l2-core/v4l2-compat-ioctl32.c |   77 --
 1 file changed, 36 insertions(+), 41 deletions(-)

--- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
+++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
@@ -47,7 +47,7 @@ struct v4l2_window32 {
 
 static int get_v4l2_window32(struct v4l2_window *kp, struct v4l2_window32 
__user *up)
 {
-   if (!access_ok(VERIFY_READ, up, sizeof(struct v4l2_window32)) ||
+   if (!access_ok(VERIFY_READ, up, sizeof(*up)) ||
copy_from_user(>w, >w, sizeof(up->w)) ||
get_user(kp->field, >field) ||
get_user(kp->chromakey, >chromakey) ||
@@ -64,7 +64,7 @@ static int get_v4l2_window32(struct v4l2
if (get_user(p, >clips))
return -EFAULT;
uclips = compat_ptr(p);
-   kclips = compat_alloc_user_space(n * sizeof(struct v4l2_clip));
+   kclips = compat_alloc_user_space(n * sizeof(*kclips));
kp->clips = kclips;
while (--n >= 0) {
if (copy_in_user(>c, >c, 
sizeof(uclips->c)))
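Review bot: The allocation size `n * sizeof(*kclips)` is a product with a count that, judging by the surrounding `get_user()` calls, comes from the caller's structure, and nothing in this hunk shows `n` being bounded. The loop `while (--n >= 0)` implies `n` is signed, so the range check presumably sits earlier in get_v4l2_window32, outside the hunk; worth confirming it is present in the 4.9 tree this is applied to. The result of `compat_alloc_user_space()` is also stored in `kp->clips` without a visible NULL check. A comment on the allocation such as `/* n was range-checked above, so n * sizeof(*kclips) cannot wrap */` would make the dependency explicit for the next backport.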
@@ -157,14 +157,14 @@ static int __get_v4l2_format32(struct v4
 
 static int get_v4l2_format32(struct v4l2_format *kp, struct v4l2_format32 
__user *up)
 {
-   if (!access_ok(VERIFY_READ, up, sizeof(struct v4l2_format32)))
+   if (!access_ok(VERIFY_READ, up, sizeof(*up)))
return -EFAULT;
return __get_v4l2_format32(kp, up);
 }
 
 static int get_v4l2_create32(struct v4l2_create_buffers *kp, struct 
v4l2_create_buffers32 __user *up)
 {
-   if (!access_ok(VERIFY_READ, up, sizeof(struct v4l2_create_buffers32)) ||
+   if (!access_ok(VERIFY_READ, up, sizeof(*up)) ||
copy_from_user(kp, up, offsetof(struct v4l2_create_buffers32, 
format)))
return -EFAULT;
return __get_v4l2_format32(>format, >format);
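Review bot: In get_v4l2_create32 the length `offsetof(struct v4l2_create_buffers32, format)` still names the type, and it is used to copy the leading fields of the 32-bit struct straight into the native one. That is only correct while every field before `format` has the same size and position in both structs, which the hunk does not show or enforce. Since this commit is about tying sizes to the objects being copied, I would add a comment on that call, for example `/* the fields preceding 'format' are laid out identically in both structs */`. The function body continues past the end of this hunk.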
@@ -208,14 +208,14 @@ static int __put_v4l2_format32(struct v4
 
 static int put_v4l2_format32(struct v4l2_format *kp, struct v4l2_format32 
__user *up)
 {
-   if (!access_ok(VERIFY_WRITE, up, sizeof(struct v4l2_format32)))
+   if (!access_ok(VERIFY_WRITE, up, sizeof(*up)))
return -EFAULT;
return __put_v4l2_format32(kp, up);
 }
 
 static int put_v4l2_create32(struct v4l2_create_buffers *kp, struct 
v4l2_create_buffers32 __user *up)
 {
-   if (!access_ok(VERIFY_WRITE, up, sizeof(struct v4l2_create_buffers32)) 
||
+   if (!access_ok(VERIFY_WRITE, up, sizeof(*up)) ||
copy_to_user(up, kp, offsetof(struct v4l2_create_buffers32, 
format)) ||
copy_to_user(up->reserved, kp->reserved, sizeof(kp->reserved)))
return -EFAULT;
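Review bot: The `copy_to_user(up->reserved, kp->reserved, sizeof(kp->reserved))` line in put_v4l2_create32 sizes the copy from the kernel-side array, and nothing visible guarantees that the 32-bit struct's `reserved` has the same size. The same form is introduced in put_v4l2_standard32 further down, where the neighbouring `name` copy is instead sized from the user side with `sizeof(up->name)`. If the two declarations ever diverge, one choice writes past the user field and the other reads past the kernel field, so neither is safe on its own. A compile-time check next to each copy, such as `BUILD_BUG_ON(sizeof(up->reserved) != sizeof(kp->reserved));`, would turn the assumption into a build failure. put_v4l2_create32 continues outside this hunk.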
@@ -234,7 +234,7 @@ struct v4l2_standard32 {
 static int get_v4l2_standard32(struct v4l2_standard *kp, struct 
v4l2_standard32 __user *up)
 {
/* other fields are not set by the user, nor used by the driver */
-   if (!access_ok(VERIFY_READ, up, sizeof(struct v4l2_standard32)) ||
+   if (!access_ok(VERIFY_READ, up, sizeof(*up)) ||
get_user(kp->index, >index))
return -EFAULT;
return 0;
@@ -242,13 +242,13 @@ static int get_v4l2_standard32(struct v4
 
 static int put_v4l2_standard32(struct v4l2_standard *kp, struct 
v4l2_standard32 __user *up)
 {
-   if (!access_ok(VERIFY_WRITE, up, sizeof(struct v4l2_standard32)) ||
+   if (!access_ok(VERIFY_WRITE, up, sizeof(*up)) ||
put_user(kp->index, >index) ||
put_user(kp->id, >id) ||
-   copy_to_user(up->name, kp->name, 24) ||
+   copy_to_user(up->name, kp->name, sizeof(up->name)) ||
copy_to_user(>frameperiod, >frameperiod, 
sizeof(kp->frameperiod)) ||
put_user(kp->framelines, >framelines) ||
-   copy_to_user(up->reserved, kp->reserved, 4 * sizeof(__u32)))
+   copy_to_user(up->reserved, kp->reserved, sizeof(kp->reserved)))
return -EFAULT;
return 0;
 }
@@ -296,7 +296,7 @@ static int get_v4l2_plane32(struct v4l2_
 
if (copy_in_user(up, up32, 2 * sizeof(__u32)) ||
copy_in_user(>data_offset, >data_offset,
-sizeof(__u32)))
+sizeof(up->data_offset)))
return -EFAULT;
 
if (memory == V4L2_MEMORY_USERPTR) {
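Review bot: The first `copy_in_user(up, up32, 2 * sizeof(__u32))` in get_v4l2_plane32 keeps the hand-counted size that the commit message calls dangerous, while only the `data_offset` copy below it is converted. That length presumably covers the two leading `__u32` members of the plane struct, but the hunk does not show the declaration, so a layout change would silently copy the wrong span. If it is left as is for the stable backport, a comment such as `/* copies the two leading __u32 fields, which precede the m union */` would record what the constant stands for. Expressing the length as the offset of the first member that is not copied would remove the constant altogether. The function starts and ends outside this hunk.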
@@ -306,11 +306,11 @@ static int 

[PATCH 4.9 40/88] media: v4l2-compat-ioctl32.c: avoid sizeof(type)

2018-02-15 Thread Greg Kroah-Hartman
4.9-stable review patch.  If anyone has any objections, please let me know.

--

From: Hans Verkuil 

commit 333b1e9f96ce05f7498b581509bb30cde03018bf upstream.

Instead of doing sizeof(struct foo) use sizeof(*up). There even were
cases where 4 * sizeof(__u32) was used instead of sizeof(kp->reserved),
which is very dangerous when the size of the reserved array changes.

Signed-off-by: Hans Verkuil 
Acked-by: Sakari Ailus 
Signed-off-by: Mauro Carvalho Chehab 
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/media/v4l2-core/v4l2-compat-ioctl32.c |   77 --
 1 file changed, 36 insertions(+), 41 deletions(-)

--- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
+++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
@@ -47,7 +47,7 @@ struct v4l2_window32 {
 
 static int get_v4l2_window32(struct v4l2_window *kp, struct v4l2_window32 
__user *up)
 {
-   if (!access_ok(VERIFY_READ, up, sizeof(struct v4l2_window32)) ||
+   if (!access_ok(VERIFY_READ, up, sizeof(*up)) ||
copy_from_user(>w, >w, sizeof(up->w)) ||
get_user(kp->field, >field) ||
get_user(kp->chromakey, >chromakey) ||
@@ -64,7 +64,7 @@ static int get_v4l2_window32(struct v4l2
if (get_user(p, >clips))
return -EFAULT;
uclips = compat_ptr(p);
-   kclips = compat_alloc_user_space(n * sizeof(struct v4l2_clip));
+   kclips = compat_alloc_user_space(n * sizeof(*kclips));
kp->clips = kclips;
while (--n >= 0) {
if (copy_in_user(>c, >c, 
sizeof(uclips->c)))
@@ -157,14 +157,14 @@ static int __get_v4l2_format32(struct v4
 
 static int get_v4l2_format32(struct v4l2_format *kp, struct v4l2_format32 
__user *up)
 {
-   if (!access_ok(VERIFY_READ, up, sizeof(struct v4l2_format32)))
+   if (!access_ok(VERIFY_READ, up, sizeof(*up)))
return -EFAULT;
return __get_v4l2_format32(kp, up);
 }
 
 static int get_v4l2_create32(struct v4l2_create_buffers *kp, struct 
v4l2_create_buffers32 __user *up)
 {
-   if (!access_ok(VERIFY_READ, up, sizeof(struct v4l2_create_buffers32)) ||
+   if (!access_ok(VERIFY_READ, up, sizeof(*up)) ||
copy_from_user(kp, up, offsetof(struct v4l2_create_buffers32, 
format)))
return -EFAULT;
return __get_v4l2_format32(>format, >format);
@@ -208,14 +208,14 @@ static int __put_v4l2_format32(struct v4
 
 static int put_v4l2_format32(struct v4l2_format *kp, struct v4l2_format32 
__user *up)
 {
-   if (!access_ok(VERIFY_WRITE, up, sizeof(struct v4l2_format32)))
+   if (!access_ok(VERIFY_WRITE, up, sizeof(*up)))
return -EFAULT;
return __put_v4l2_format32(kp, up);
 }
 
 static int put_v4l2_create32(struct v4l2_create_buffers *kp, struct 
v4l2_create_buffers32 __user *up)
 {
-   if (!access_ok(VERIFY_WRITE, up, sizeof(struct v4l2_create_buffers32)) 
||
+   if (!access_ok(VERIFY_WRITE, up, sizeof(*up)) ||
copy_to_user(up, kp, offsetof(struct v4l2_create_buffers32, 
format)) ||
copy_to_user(up->reserved, kp->reserved, sizeof(kp->reserved)))
return -EFAULT;
@@ -234,7 +234,7 @@ struct v4l2_standard32 {
 static int get_v4l2_standard32(struct v4l2_standard *kp, struct 
v4l2_standard32 __user *up)
 {
/* other fields are not set by the user, nor used by the driver */
-   if (!access_ok(VERIFY_READ, up, sizeof(struct v4l2_standard32)) ||
+   if (!access_ok(VERIFY_READ, up, sizeof(*up)) ||
get_user(kp->index, >index))
return -EFAULT;
return 0;
@@ -242,13 +242,13 @@ static int get_v4l2_standard32(struct v4
 
 static int put_v4l2_standard32(struct v4l2_standard *kp, struct 
v4l2_standard32 __user *up)
 {
-   if (!access_ok(VERIFY_WRITE, up, sizeof(struct v4l2_standard32)) ||
+   if (!access_ok(VERIFY_WRITE, up, sizeof(*up)) ||
put_user(kp->index, >index) ||
put_user(kp->id, >id) ||
-   copy_to_user(up->name, kp->name, 24) ||
+   copy_to_user(up->name, kp->name, sizeof(up->name)) ||
copy_to_user(>frameperiod, >frameperiod, 
sizeof(kp->frameperiod)) ||
put_user(kp->framelines, >framelines) ||
-   copy_to_user(up->reserved, kp->reserved, 4 * sizeof(__u32)))
+   copy_to_user(up->reserved, kp->reserved, sizeof(kp->reserved)))
return -EFAULT;
return 0;
 }
@@ -296,7 +296,7 @@ static int get_v4l2_plane32(struct v4l2_
 
if (copy_in_user(up, up32, 2 * sizeof(__u32)) ||
copy_in_user(>data_offset, >data_offset,
-sizeof(__u32)))
+sizeof(up->data_offset)))
return -EFAULT;
 
if (memory == V4L2_MEMORY_USERPTR) {
@@ -306,11 +306,11 @@ static int get_v4l2_plane32(struct v4l2_
if (put_user((unsigned long)up_pln, >m.userptr))
return -EFAULT;