On Mon, Nov 20, 2017 at 02:36:20PM +0100, Hans Verkuil wrote:
> On 11/13/2017 06:04 PM, Ville Syrjala wrote:
> > From: Ville Syrjälä <ville.syrjala@xxxxxxxxxxxxxxx>
<snip>
> > @@ -1163,7 +1176,7 @@ static int hdmi_audio_infoframe_unpack(struct hdmi_audio_infoframe *frame,
> > */
> > static int
> > hdmi_vendor_any_infoframe_unpack(union hdmi_vendor_any_infoframe *frame,
> > - const void *buffer)
> > + const void *buffer, size_t size)
> > {
> > const u8 *ptr = buffer;
> > size_t length;
> > @@ -1171,6 +1184,9 @@ hdmi_vendor_any_infoframe_unpack(union hdmi_vendor_any_infoframe *frame,
> > u8 hdmi_video_format;
> > struct hdmi_vendor_infoframe *hvf = &frame->hdmi;
> >
> > + if (size < HDMI_INFOFRAME_HEADER_SIZE)
> > + return -EINVAL;
> > +
>
> This check is not needed since that is already done in hdmi_infoframe_unpack().
Hmm. True. Somehow I was expecting that this function would have been exported on its own, but it's static so clearly I was mistaken. The pack functions are individually exported, which is where I got this idea probably.
>
> > if (ptr[0] != HDMI_INFOFRAME_TYPE_VENDOR ||
> > ptr[1] != 1 ||
> > (ptr[2] != 4 && ptr[2] != 5 && ptr[2] != 6))
> > @@ -1178,6 +1194,9 @@ hdmi_vendor_any_infoframe_unpack(union hdmi_vendor_any_infoframe *frame,
> >
> > length = ptr[2];
> >
> > + if (size < HDMI_INFOFRAME_HEADER_SIZE + length)
> > + return -EINVAL;
> > +
> > if (hdmi_infoframe_checksum(buffer,
> > HDMI_INFOFRAME_HEADER_SIZE + length) != 0)
> > return -EINVAL;
-- Ville Syrjälä Intel OTC
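Review bot: The new `size` parameter on hdmi_vendor_any_infoframe_unpack() has no visible counterpart in the comment block that closes with `*/` just above the signature in the first hunk. That block starts outside the hunk, so it may already be updated elsewhere in the patch. If it is not, add a line such as `@size: size of @buffer in bytes`. The return description should also say that -EINVAL now covers a buffer shorter than the header plus the payload length the frame declares.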
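Review bot: In the last hunk, the added `size < HDMI_INFOFRAME_HEADER_SIZE + length` test bounds the checksum read, but the field parsing after the checksum lies outside the hunk, so whether every later `ptr[]` index stays within that range cannot be confirmed from here. The bound `HDMI_INFOFRAME_HEADER_SIZE + length` is also written out twice, once in the new test and once in the hdmi_infoframe_checksum() call. Because `length` comes from the frame itself, a short comment above the test would record the invariant, for example `/* size must cover the header plus the payload length the frame claims; later reads stay within it */`. Naming the sum once in a local and using it in both places would keep the check and the read from drifting apart.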