From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Wed, 10 Sep 2014 10:10:13 -0700 From: Greg KH To: Maciej Matraszek Cc: linux-media@vger.kernel.org, linux-kernel@vger.kernel.org, Mauro Carvalho Chehab , Hans Verkuil , Lars-Peter Clausen , Sylwester Nawrocki , stable@vger.kernel.org, Krzysztof Kozlowski , Bartlomiej Zolnierkiewicz , Sakari Ailus Subject: Re: [PATCH v2] [media] v4l2-common: fix overflow in v4l_bound_align_image() Message-ID: <20140910171013.GA14048@kroah.com> References: <1410367869-27688-1-git-send-email-m.matraszek@samsung.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1410367869-27688-1-git-send-email-m.matraszek@samsung.com> Sender: linux-kernel-owner@vger.kernel.org List-ID: On Wed, Sep 10, 2014 at 06:51:09PM +0200, Maciej Matraszek wrote: > Fix clamp_align() used in v4l_bound_align_image() to prevent overflow when > passed large value like UINT32_MAX. In the current implementation: > clamp_align(UINT32_MAX, 8, 8192, 3) > returns 8, because in line: > x = (x + (1 << (align - 1))) & mask; > x overflows to (-1 + 4) & 0x7 = 3, while expected value is 8192. > > v4l_bound_align_image() is heavily used in VIDIOC_S_FMT > and VIDIOC_SUBDEV_S_FMT ioctls handlers, and documentation of the latter > explicitly states that: > > "The modified format should be as close as possible to the original request." > -- http://linuxtv.org/downloads/v4l-dvb-apis/vidioc-subdev-g-fmt.html > > Thus one would expect, that passing UINT32_MAX as format width and height > will result in setting maximum possible resolution for the device. > Particularly, when the driver doesn't support VIDIOC_ENUM_FRAMESIZES ioctl, > which is common in the codebase. > > Fixes: b0d3159be9a3 ("V4L/DVB (11901): v4l2: Create helper function for bounding and aligning images") > Signed-off-by: Maciej Matraszek > Acked-by: Sakari Ailus > > --- This is not the correct way to submit patches for inclusion in the stable kernel tree. Please read Documentation/stable_kernel_rules.txt for how to do this properly.