On 19/10/2020 13:54, Defang Bo wrote: > Similar to commit<ea72fbf588ac>("media: v4l2-compat-ioctl32: prevent go past max size"} ,add max size check for count variable. > > Signed-off-by: Defang Bo <bodefang@xxxxxxx> > --- > drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c > index a99e82e..5041d60 100644 > --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c > +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c > @@ -207,7 +207,7 @@ static int put_v4l2_window32(struct v4l2_window __user *p64, > get_user(clipcount, &p64->clipcount) || > put_user(clipcount, &p32->clipcount)) > return -EFAULT; > - if (!clipcount) > + if (!clipcount || count > (U32_MAX/sizeof(*uclips))) Clearly you didn't compile this since count should have been clipcount. And in any case, this is bogus since get_v4l2_window32() already checks that clipcount doesn't exceed 2048. Regards, Hans > return 0; > > if (get_user(kclips, &p64->clips)) >
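Review bot: In the changed condition in put_v4l2_window32(), `count` does not match any variable visible in this hunk; the value read with get_user() and written back with put_user() is `clipcount`, so the bound, if it is wanted at all, should read `clipcount > (U32_MAX/sizeof(*uclips))`. Also, because the new test is OR-ed into the `!clipcount` branch, an oversized value would take the `return 0` path and be reported to the caller as success. A rejected size belongs in its own check that returns an error such as -EINVAL. The commit message should also say where `clipcount` is already bounded on the way in, so a reader can tell whether this check is reachable.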