linux-media.vger.kernel.org archive mirror
* re: [media] v4l2-subdev: add support for the new edid ioctls
@ 2012-09-26  8:01 Dan Carpenter
  2012-09-26  8:13 ` Hans Verkuil
  0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2012-09-26  8:01 UTC (permalink / raw)
  To: hans.verkuil; +Cc: linux-media

Hi Hans,

The patch ed45ce2cc0b3: "[media] v4l2-subdev: add support for the new
edid ioctls" from Aug 10, 2012, needs an overflow check the same as the
other cases in that switch statement.

drivers/media/v4l2-core/v4l2-ioctl.c

  2200          case VIDIOC_SUBDEV_G_EDID:
  2201          case VIDIOC_SUBDEV_S_EDID: {
  2202                  struct v4l2_subdev_edid *edid = parg;
  2203  
  2204                  if (edid->blocks) {
  2205                          *user_ptr = (void __user *)edid->edid;
  2206                          *kernel_ptr = (void *)&edid->edid;
  2207                          *array_size = edid->blocks * 128;
                                              ^^^^^^^^^^^^^^^^^^
This can overflow.

  2208                          ret = 1;
  2209                  }
  2210                  break;
  2211          }

regards,
dan carpenter



* Re: [media] v4l2-subdev: add support for the new edid ioctls
  2012-09-26  8:01 [media] v4l2-subdev: add support for the new edid ioctls Dan Carpenter
@ 2012-09-26  8:13 ` Hans Verkuil
  0 siblings, 0 replies; 2+ messages in thread
From: Hans Verkuil @ 2012-09-26  8:13 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: hans.verkuil, linux-media

On Wed 26 September 2012 10:01:06 Dan Carpenter wrote:
> Hi Hans,
> 
> The patch ed45ce2cc0b3: "[media] v4l2-subdev: add support for the new
> edid ioctls" from Aug 10, 2012, needs an overflow check the same as the
> other cases in that switch statement.
> 
> drivers/media/v4l2-core/v4l2-ioctl.c
> 
>   2200          case VIDIOC_SUBDEV_G_EDID:
>   2201          case VIDIOC_SUBDEV_S_EDID: {
>   2202                  struct v4l2_subdev_edid *edid = parg;
>   2203  
>   2204                  if (edid->blocks) {
>   2205                          *user_ptr = (void __user *)edid->edid;
>   2206                          *kernel_ptr = (void *)&edid->edid;
>   2207                          *array_size = edid->blocks * 128;
>                                               ^^^^^^^^^^^^^^^^^^
> This can overflow.
> 
>   2208                          ret = 1;
>   2209                  }
>   2210                  break;
>   2211          }

True. Thanks for reporting this! I'll make a fix for it.

Regards,

	Hans
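
An added example, not code from this thread or from the kernel tree: a user-space C program that reproduces the arithmetic flagged at line 2207 and places a bounds-checked form beside it. The function names, the `EDID_MAX_BLOCKS` limit of 256 and the sample values are assumptions made for the illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EDID_BLOCK_SIZE 128u /* bytes per block, as in the quoted code */
#define EDID_MAX_BLOCKS 256u /* assumed upper bound for this example */

/*
 * Mirrors "edid->blocks * 128": blocks is a 32-bit field, so the multiply
 * is done in 32 bits and wraps modulo 2^32 before it is widened to size_t.
 */
static size_t edid_size_unchecked(uint32_t blocks)
{
	uint32_t bytes = blocks * EDID_BLOCK_SIZE;

	return bytes;
}

/* Rejects an out-of-range block count before any multiplication happens. */
static int edid_size_checked(uint32_t blocks, size_t *array_size)
{
	if (blocks > EDID_MAX_BLOCKS)
		return -EINVAL;
	*array_size = (size_t)blocks * EDID_BLOCK_SIZE;
	return 0;
}

int main(void)
{
	/* Constructed block counts: in range, just past the bound, wrapping. */
	const uint32_t samples[] = { 1, 256, 257, 0x02000000u, 0x02000001u };
	size_t i, n;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		int ret = edid_size_checked(samples[i], &n);

		printf("blocks=%#x unchecked=%zu checked=", (unsigned)samples[i],
		       edid_size_unchecked(samples[i]));
		if (ret)
			printf("rejected (%d)\n", ret);
		else
			printf("%zu\n", n);
	}
	return 0;
}
```

With the unchecked form, a block count of 0x02000001 yields an array size of 128 bytes, so the computed size no longer matches the count the caller supplied.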
