This can lead to out of bounds writes since frames of this type were not
taken into account when calculating the size of the frames buffer in
uvc_parse_streaming.
I am proposing a series of 2 patches. First patch is very small and
fixes the issue. The idea is to have this patch merged quickly.
The second patch refactors the code into a new uvc_parse_frame function.
I do not have the hardware setup to test this out. The second patch
should definitely be tested.
Benoit Sevens (2):
media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in
uvc_parse_format
media: uvcvideo: Refactor frame parsing code into a uvc_parse_frame
function
drivers/media/usb/uvc/uvc_driver.c | 228 ++++++++++++++++-------------
1 file changed, 123 insertions(+), 105 deletions(-)
--
2.47.0.277.g8800431eea-goog
