Hi Sakari, > Hi Laurent and Gjorgji, > > On Mon, Dec 07, 2015 at 10:45:39AM +0200, Laurent Pinchart wrote: >> From: Gjorgji Rosikopulos grosikopulos@xxxxxxxxxx >> >> Buffer length is needed for single plane as well, otherwise >> is uninitialized and behaviour is undetermined. > > How about: > > The v4l2_buffer length field must be passed as well from user to kernel and > back, otherwise uninitialised values will be used. Yes that's better :) > >> >> Signed-off-by: Gjorgji Rosikopulos grosikopulos@xxxxxxxxxx >> Signed-off-by: Laurent Pinchart laurent.pinchart@xxxxxxxxxxxxxxxx > > Acked-by: Sakari Ailus sakari.ailus@xxxxxxxxxxxxxxx > > Shouldn't this be submitted to stable as well? > >> --- >> drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 7 +++++-- >> 1 file changed, 5 insertions(+), 2 deletions(-) >> >> diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c >> b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c >> index 8fd84a67478a..b0faa1f7e3a9 100644 >> --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c >> +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c >> @@ -482,8 +482,10 @@ static int get_v4l2_buffer32(struct v4l2_buffer *kp, >> struct v4l2_buffer32 __user >> return -EFAULT; >> break; >> case V4L2_MEMORY_DMABUF: >> - if (get_user(kp->m.fd, &up->m.fd)) >> + if (get_user(kp->m.fd, &up->m.fd) || >> + get_user(kp->length, &up->length)) >> return -EFAULT; >> + >> break; >> } >> } >> @@ -550,7 +552,8 @@ static int put_v4l2_buffer32(struct v4l2_buffer *kp, >> struct v4l2_buffer32 __user >> return -EFAULT; >> break; >> case V4L2_MEMORY_DMABUF: >> - if (put_user(kp->m.fd, &up->m.fd)) >> + if (put_user(kp->m.fd, &up->m.fd) || >> + put_user(kp->length, &up->length)) >> return -EFAULT; >> break; >> } > > -- > Kind regards, > > Sakari Ailus > e-mail: sakari.ailus@xxxxxx XMPP: sailus@xxxxxxxxxxxxxx > -- -- To unsubscribe from this list: send the line "unsubscribe linux-media" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
