re: [media] v4l2-subdev: add support for the new edid ioctls
Hi Hans,

The patch ed45ce2cc0b3: [media] v4l2-subdev: add support for the new edid ioctls from Aug 10, 2012, needs an overflow check the same as the other cases in that switch statement.

drivers/media/v4l2-core/v4l2-ioctl.c

    case VIDIOC_SUBDEV_G_EDID:
    case VIDIOC_SUBDEV_S_EDID: {
        struct v4l2_subdev_edid *edid = parg;

        if (edid->blocks) {
            *user_ptr = (void __user *)edid->edid;
            *kernel_ptr = (void *)edid->edid;
            *array_size = edid->blocks * 128;
                          ^^ This can overflow.
            ret = 1;
        }
        break;
    }

regards,
dan carpenter

--
To unsubscribe from this list: send the line unsubscribe linux-media in the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [media] v4l2-subdev: add support for the new edid ioctls
On Wed 26 September 2012 10:01:06 Dan Carpenter wrote:
> Hi Hans,
>
> The patch ed45ce2cc0b3: [media] v4l2-subdev: add support for the new edid ioctls from Aug 10, 2012, needs an overflow check the same as the other cases in that switch statement.
>
> drivers/media/v4l2-core/v4l2-ioctl.c
>
>     case VIDIOC_SUBDEV_G_EDID:
>     case VIDIOC_SUBDEV_S_EDID: {
>         struct v4l2_subdev_edid *edid = parg;
>
>         if (edid->blocks) {
>             *user_ptr = (void __user *)edid->edid;
>             *kernel_ptr = (void *)edid->edid;
>             *array_size = edid->blocks * 128;
>                           ^^ This can overflow.
>             ret = 1;
>         }
>         break;
>     }

True. Thanks for reporting this! I'll make a fix for it.

Regards,

Hans
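
An added example, not part of the thread and not kernel code: a user-space C model of the size computation flagged above, beside a range-checked form. It assumes `blocks` is a 32-bit unsigned field; the 256-block cap, the -1 return value and the function names are hypothetical choices for this illustration, not the fix that was later committed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EDID_BLOCK_SIZE 128u
/* Hypothetical upper bound chosen for this example. */
#define EDID_MAX_BLOCKS 256u

/*
 * Unchecked form, as in the quoted snippet. With a 32-bit blocks field
 * (assumption) the product is computed in 32 bits and wraps before it is
 * widened to size_t, so a huge block count yields a tiny copy size.
 */
static size_t array_size_unchecked(uint32_t blocks)
{
    return blocks * EDID_BLOCK_SIZE;
}

/*
 * Checked form: reject out-of-range counts before multiplying.
 * Returns 0 and stores the size on success, -1 (a stand-in for -EINVAL)
 * when the count exceeds the cap.
 */
static int array_size_checked(uint32_t blocks, size_t *size)
{
    if (blocks > EDID_MAX_BLOCKS)
        return -1;
    *size = (size_t)blocks * EDID_BLOCK_SIZE;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: two sane counts and two that wrap. */
    const uint32_t samples[] = { 2u, 256u, 0x02000000u, 0x02000001u };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        size_t checked = 0;
        int rc = array_size_checked(samples[i], &checked);

        printf("blocks=%u unchecked=%zu checked rc=%d size=%zu\n",
               (unsigned)samples[i], array_size_unchecked(samples[i]),
               rc, checked);
    }
    return 0;
}
```

With the unchecked form, a caller-supplied count of 0x02000001 produces a 128-byte array size while the `blocks` value still claims tens of millions of blocks, which is the mismatch a later consumer of `blocks` would act on.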