Hi Sakari, On Wednesday 09 December 2015 13:07:40 Sakari Ailus wrote: > On Wed, Dec 09, 2015 at 01:11:12AM +0200, Laurent Pinchart wrote: > > On Tuesday 08 December 2015 17:29:16 Sakari Ailus wrote: > > > On Mon, Dec 07, 2015 at 10:45:39AM +0200, Laurent Pinchart wrote: > > > > From: Gjorgji Rosikopulos <grosikopulos@xxxxxxxxxx> > > > > > > > > Buffer length is needed for single plane as well, otherwise > > > > is uninitialized and behaviour is undetermined. > > > > > > How about: > > > > > > The v4l2_buffer length field must be passed as well from user to kernel > > > and back, otherwise uninitialised values will be used. > > > > > > > Signed-off-by: Gjorgji Rosikopulos <grosikopulos@xxxxxxxxxx> > > > > Signed-off-by: Laurent Pinchart <laurent.pinchart@xxxxxxxxxxxxxxxx> > > > > > > Acked-by: Sakari Ailus <sakari.ailus@xxxxxxxxxxxxxxx> > > > > > > Shouldn't this be submitted to stable as well? > > > > I'll CC stable. > > > > > > --- > > > > > > > > drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 7 +++++-- > > > > 1 file changed, 5 insertions(+), 2 deletions(-) > > > > > > > > diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c > > > > b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c index > > > > 8fd84a67478a..b0faa1f7e3a9 100644 > > > > --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c > > > > +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c > > > > @@ -482,8 +482,10 @@ static int get_v4l2_buffer32(struct v4l2_buffer > > > > *kp, struct v4l2_buffer32 __user > > > > return -EFAULT; > > > > break; > > > > > > > > case V4L2_MEMORY_DMABUF: > > > > - if (get_user(kp->m.fd, &up->m.fd)) > > > > + if (get_user(kp->m.fd, &up->m.fd) || > > > > + get_user(kp->length, &up->length)) > > > > return -EFAULT; > > > > + > > Without the extra newline, please? Sure, I'll fix that in the pull request. -- Regards, Laurent Pinchart -- To unsubscribe from this list: send the line "unsubscribe linux-media" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
