From: Ricardo Ribalda
Date: Wed, 04 Jun 2025 12:16:02 +0000
Subject: [PATCH v6 1/4] media: uvcvideo: Do not mark valid metadata as invalid
Message-Id: <20250604-uvc-meta-v6-1-7141d48c322c@chromium.org>
References: <20250604-uvc-meta-v6-0-7141d48c322c@chromium.org>
In-Reply-To: <20250604-uvc-meta-v6-0-7141d48c322c@chromium.org>
To: Laurent Pinchart, Hans de Goede, Mauro Carvalho Chehab, Guennadi Liakhovetski, Greg Kroah-Hartman
Cc: linux-media@vger.kernel.org, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, Ricardo Ribalda, stable@vger.kernel.org, Hans de Goede

Currently, the driver performs a length check of the metadata buffer
before the actual metadata size is known and before the metadata is
decided to be copied. This results in valid metadata buffers being
incorrectly marked as invalid.

Move the length check to occur after the metadata size is determined
and is decided to be copied.

Cc: stable@vger.kernel.org
Fixes: 088ead255245 ("media: uvcvideo: Add a metadata device node")
Reviewed-by: Laurent Pinchart
Reviewed-by: Hans de Goede
Signed-off-by: Ricardo Ribalda
---
 drivers/media/usb/uvc/uvc_video.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c
index e3567aeb0007c1f0a766f331e4e744359e95a863..b113297dac61f1b2eecd72c36ea61ef2c1e7d28a 100644
--- a/drivers/media/usb/uvc/uvc_video.c
+++ b/drivers/media/usb/uvc/uvc_video.c
@@ -1433,12 +1433,6 @@ static void uvc_video_decode_meta(struct uvc_streaming *stream, if (!meta_buf || length == 2) return; - if (meta_buf->length - meta_buf->bytesused < - length + sizeof(meta->ns) + sizeof(meta->sof)) { - meta_buf->error = 1; - return; - } - has_pts = mem[1] & UVC_STREAM_PTS; has_scr = mem[1] & UVC_STREAM_SCR; @@ -1459,6 +1453,12 @@ static void uvc_video_decode_meta(struct uvc_streaming *stream, !memcmp(scr, stream->clock.last_scr, 6))) return; + if (meta_buf->length - meta_buf->bytesused < + length + sizeof(meta->ns) + sizeof(meta->sof)) { + meta_buf->error = 1; + return; + } + meta = (struct uvc_meta_buf *)((u8 *)meta_buf->mem + meta_buf->bytesused); local_irq_save(flags); time = uvc_video_get_time(); -- 2.50.0.rc0.604.gd4ff7b7c86-goog
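
Review bot: The changelog's "before the actual metadata size is known" does not match the first hunk (@@ -1433): the condition removed after the "!meta_buf || length == 2" test is re-added unchanged further down and still compares against the same length value. What the visible lines show is that the check used to run ahead of the early return taken when memcmp(scr, stream->clock.last_scr, 6) finds a repeated SCR, so a header that was never going to be copied could still set meta_buf->error = 1. Suggest the commit message name that case explicitly, since it is the behaviour stable backporters will want to confirm.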
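
Review bot: The relocated check in the second hunk (@@ -1459) has no comment saying why it must stay below the "!memcmp(scr, stream->clock.last_scr, 6))) return;" path, so a later cleanup could hoist it back next to the meta_buf test and reintroduce the false error flag. A one-line comment above the if, for example "Check for space only once we know this header will be copied", would pin the ordering. Since this comparison is the only guard before meta is computed from meta_buf->mem + meta_buf->bytesused, it is also worth confirming that bytesused can never exceed meta_buf->length, because the subtraction on the left-hand side would wrap if those fields are unsigned (their types are not visible in this hunk).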