Em Wed, 26 Sep 2012 10:33:51 +0200 Hans Verkuil <hverkuil@xxxxxxxxx> escreveu: > On Tue 25 September 2012 13:56:34 Hans Verkuil wrote: > > Hi Mauro, > > > > As requested! > > I've respun this tree, fixing one documentation bug (the max value for > 'blocks' is 256, not 255) and adding an overflow check in v4l2-ioctl.c as > reported by Dan Carpenter: > > http://www.mail-archive.com/linux-media@xxxxxxxxxxxxxxx/msg52640.html It seems you forgot to send the patches for review at the ML (at least, I'm not seeing it on my linux-media local inbox). Also, please document it better. Only after reading Dan's email I was able to understand *why* you wrote such patch, as your patch description is bogus: > Subject: Return -EINVAL if blocks > 256. > >... > >@@ -2205,6 +2205,10 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size, > struct v4l2_subdev_edid *edid = parg; > > if (edid->blocks) { >+ if (edid->blocks > 256) { >+ ret = -EINVAL; >+ break; Well, Kernel developers are generally able to read C, so you don't need to repeat what's written at the code as the patch subject ;) Dan's comment provides the reason why this patch is needed: > 2207 *array_size = edid->blocks * 128; > ^^^^^^^^^^^^^^^^^^ > This can overflow. So, the patch subject should be saying, instead: v4l2-ioctl: limit the max amount of edid blocks to avoid overflow and putting Dan's comments in the body of the patch description. Thanks! Mauro -- To unsubscribe from this list: send the line "unsubscribe linux-media" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
