From: Johan Hovold <johan@kernel.org>
To: Dongliang Mu <dzm91@hust.edu.cn>
Cc: Alex Elder <elder@kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Jacopo Mondi <jacopo.mondi@linaro.org>,
Laurent Pinchart <laurent.pinchart@ideasonboard.com>,
Greg Kroah-Hartman <gregkh@google.com>,
greybus-dev@lists.linaro.org, linux-staging@lists.linux.dev,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] drivers: staging: greybus: fix GPF issue in gb_camera_capture
Date: Thu, 4 May 2023 16:54:20 +0200 [thread overview]
Message-ID: <ZFPHHImqiVRRV5Cd@hovoldconsulting.com> (raw)
In-Reply-To: <20230504135841.1566958-1-dzm91@hust.edu.cn>
On Thu, May 04, 2023 at 09:58:41PM +0800, Dongliang Mu wrote:
> In gb_camera_capture(), it does not check the value of settings
> before dereferencing it. And gb_camera_debugfs_capture calls
> gb_camera_capture with the 6th parameter settings as NULL.
Looks like you just broke gb_camera_debugfs_capture() which relies on
passing NULL as settings.
> Fix this by checking the value of setting at the starting of
> gb_camera_capture.
>
> Fixes: 3265edaf0d70 ("greybus: Add driver for the camera class protocol")
> Signed-off-by: Dongliang Mu <dzm91@hust.edu.cn>
> ---
> drivers/staging/greybus/camera.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/staging/greybus/camera.c b/drivers/staging/greybus/camera.c
> index cdbb42cd413b..5a4b26e7f645 100644
> --- a/drivers/staging/greybus/camera.c
> +++ b/drivers/staging/greybus/camera.c
> @@ -659,7 +659,7 @@ static int gb_camera_capture(struct gb_camera *gcam, u32 request_id,
> size_t req_size;
> int ret;
>
> - if (settings_size > GB_CAMERA_MAX_SETTINGS_SIZE)
> + if (settings_size > GB_CAMERA_MAX_SETTINGS_SIZE || !settings)
> return -EINVAL;
>
> req_size = sizeof(*req) + settings_size;
Johan
next prev parent reply other threads:[~2023-05-04 14:54 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-04 13:58 [PATCH] drivers: staging: greybus: fix GPF issue in gb_camera_capture Dongliang Mu
2023-05-04 14:34 ` Alex Elder
2023-05-04 14:53 ` Dan Carpenter
2023-05-04 15:08 ` Dongliang Mu
2023-05-04 14:54 ` Johan Hovold [this message]
2023-05-04 15:09 ` Dongliang Mu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZFPHHImqiVRRV5Cd@hovoldconsulting.com \
--to=johan@kernel.org \
--cc=dzm91@hust.edu.cn \
--cc=elder@kernel.org \
--cc=gregkh@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=greybus-dev@lists.linaro.org \
--cc=jacopo.mondi@linaro.org \
--cc=laurent.pinchart@ideasonboard.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-staging@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.