On Monday 31 August 2009 15:19:32 Mauro Carvalho Chehab wrote: > Em Mon, 31 Aug 2009 08:52:38 +0200 > > Laurent Pinchart <laurent.pinchart@xxxxxxxxxxxxxxxx> escreveu: > > > - dereferencing a NULL pointer is not always result segfault, see [1] > > > and [2]. So dereferencing a NULL pointer can be treated also as a > > > security risk. > > From kernelspace drivers POV, any calls sending a NULL pointer should > result in an error as soon as possible, to avoid any security risks. > Currently, this check is left to the driver, but we should consider > implementing such control globally, at video_ioctl2 and at compat32 layer. > > IMHO, libv4l should mimic the driver behavior of returning an error instead > of letting the application to segfault, since, on some critical > applications, like video-surveillance security systems, a segfault could be > very bad. And uncaught errors would be even better. A segfault will be noticed right away, while an unhandled error code might slip through to the released software. If a security-sensitive application passes a NULL pointer where it shouldn't I'd rather see the development machine burst into flames instead of silently ignoring the problem. -- Laurent Pinchart -- To unsubscribe from this list: send the line "unsubscribe linux-media" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
