From mboxrd@z Thu Jan  1 00:00:00 1970
From: tiffany lin <tiffany.lin@mediatek.com>
Subject: Re: [PATCH] media: v4l2-compat-ioctl32: fix missing length copy in
 put_v4l2_buffer32
Date: Fri, 15 Jan 2016 11:05:26 +0800
Message-ID: <1452827126.27524.1.camel@mtksdaap41>
References: <1452757045-34051-1-git-send-email-tiffany.lin@mediatek.com>
	 <56975409.3090801@xs4all.nl>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Return-path: <linux-media-owner@vger.kernel.org>
In-Reply-To: <56975409.3090801@xs4all.nl>
Sender: linux-media-owner@vger.kernel.org
To: Hans Verkuil <hverkuil@xs4all.nl>
Cc: Mauro Carvalho Chehab <mchehab@osg.samsung.com>, Eddie Huang <eddie.huang@mediatek.com>, Yingjoe Chen <yingjoe.chen@mediatek.com>, linux-media@vger.kernel.org, linux-mediatek@lists.infradead.org
List-Id: linux-mediatek@lists.infradead.org

Hi Hans,

On Thu, 2016-01-14 at 08:53 +0100, Hans Verkuil wrote:
> Hi Tiffany,
> 
> Good catch! But looking through the compat code I noticed that in the
> single-planar DMABUF case the length field is also never copied. I think
> it would be much simpler if the length field is just always copied instead
> of in each multiplanar or singleplanar mmap/userptr/dmabuf case. It will
> simplify the code and prevent such mistakes in the future.
> 
> Can you make a v2 that makes that change?
> 
Sure, I had sent v2.

best regards,
Tiffany
> Thanks!
> 
> 	Hans
> 
> On 01/14/2016 08:37 AM, Tiffany Lin wrote:
> > In v4l2-compliance utility, test QUERYBUF required correct length
> > value to go through each planar to check planar's length in multi-planar
> > 
> > Signed-off-by: Tiffany Lin <tiffany.lin@mediatek.com>
> > ---
> >  drivers/media/v4l2-core/v4l2-compat-ioctl32.c |    3 +++
> >  1 file changed, 3 insertions(+)
> > 
> > diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
> > index 327e83a..5ba932a 100644
> > --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
> > +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
> > @@ -521,6 +521,9 @@ static int put_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user
> >  		if (num_planes == 0)
> >  			return 0;
> >  
> > +		if (put_user(kp->length, &up->length))
> > +			return -EFAULT;
> > +
> >  		uplane = (__force struct v4l2_plane __user *)kp->m.planes;
> >  		if (get_user(p, &up->m.planes))
> >  			return -EFAULT;
> > 
>