On 04/01/2025 05:41, Vedang Nagar wrote:
num_properties_changed is being read from the message queue but is
not validated. Value can be corrupted from the firmware leading to
OOB read access issues. Add fix to read the size of the packets as
well and crosscheck before reading from the packet.
Signed-off-by: Vedang Nagar <quic_vnagar@xxxxxxxxxxx>
Please see Vikash's series on this.
https://lore.kernel.org/linux-arm-msm/20241128-venus_oob_2-v2-2-483ae0a464b8@xxxxxxxxxxx/
It seems to have exactly the same patch title?
Is this patch supposed to be a follow-up to that patch?
https://lore.kernel.org/linux-arm-msm/20241128-venus_oob_2-v2-0-483ae0a464b8@xxxxxxxxxxx/
Expecting to see a V3 of the above. If the intention is to supersede
that patch or some of those patches you should make clear here.
On the switch statement I'd have two comments.
#1 Is everything really a "-= sizeof(u32)"?
#2 If so, then this ought to be factored out into a function
=> functional decomposition
---
bod
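
The bounds check and the refactoring discussed in this thread, as an added example that is not code from the patch or from the Venus driver: the count read from the packet is checked against the bytes actually present, and every "-= sizeof(u32)" step goes through one helper. The packet layout, the property ids and the names `take_u32` and `parse_props` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical property ids for this example: PROP_A carries 1 word, PROP_B 2. */
enum { PROP_A = 1, PROP_B = 2 };

/* Read one u32 and shrink the remaining size; fail if under 4 bytes remain. */
static int take_u32(const uint8_t **p, size_t *rem, uint32_t *out)
{
    if (*rem < sizeof(uint32_t))
        return -1;
    memcpy(out, *p, sizeof(uint32_t));
    *p += sizeof(uint32_t);
    *rem -= sizeof(uint32_t);
    return 0;
}

/* Layout (assumed): u32 num_properties_changed, then per property u32 id + payload.
 * Returns the number of properties parsed, or -1 if the packet is malformed. */
int parse_props(const uint8_t *pkt, size_t size)
{
    size_t rem = size;
    uint32_t count, id, val, i, w, words;

    if (take_u32(&pkt, &rem, &count))
        return -1;
    /* Each property needs at least its id word, so reject impossible counts. */
    if (count > rem / sizeof(uint32_t))
        return -1;
    for (i = 0; i < count; i++) {
        if (take_u32(&pkt, &rem, &id))
            return -1;
        words = id == PROP_A ? 1 : id == PROP_B ? 2 : 0;
        if (!words)
            return -1;          /* unknown id: payload size is not known */
        for (w = 0; w < words; w++)
            if (take_u32(&pkt, &rem, &val))
                return -1;
    }
    return (int)count;
}

int main(void)
{
    /* Constructed packet: claims 1000 properties but holds only one. */
    uint32_t lie[] = { 1000, PROP_A, 0xaa };
    printf("%d\n", parse_props((const uint8_t *)lie, sizeof(lie)));
    return 0;
}
```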