Patch "media: venus: hfi: fix the check to handle session buffer requirement" has been added to the 5.4-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is a note to let you know that I've just added the patch titled

    media: venus: hfi: fix the check to handle session buffer requirement

to the 5.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     media-venus-hfi-fix-the-check-to-handle-session-buffer-requirement.patch
and it can be found in the queue-5.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From b18e36dfd6c935da60a971310374f3dfec3c82e1 Mon Sep 17 00:00:00 2001
From: Vikash Garodia <quic_vgarodia@xxxxxxxxxxx>
Date: Thu, 10 Aug 2023 07:55:02 +0530
Subject: media: venus: hfi: fix the check to handle session buffer requirement

From: Vikash Garodia <quic_vgarodia@xxxxxxxxxxx>

commit b18e36dfd6c935da60a971310374f3dfec3c82e1 upstream.

Buffer requirement, for different buffer type, comes from video firmware.
While copying these requirements, there is an OOB possibility when the
payload from firmware is more than expected size. Fix the check to avoid
the OOB possibility.

Cc: stable@xxxxxxxxxxxxxxx
Fixes: 09c2845e8fe4 ("[media] media: venus: hfi: add Host Firmware Interface (HFI)")
Reviewed-by: Nathan Hebert <nhebert@xxxxxxxxxxxx>
Signed-off-by: Vikash Garodia <quic_vgarodia@xxxxxxxxxxx>
Signed-off-by: Stanimir Varbanov <stanimir.k.varbanov@xxxxxxxxx>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 drivers/media/platform/qcom/venus/hfi_msgs.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/media/platform/qcom/venus/hfi_msgs.c
+++ b/drivers/media/platform/qcom/venus/hfi_msgs.c
@@ -350,7 +350,7 @@ session_get_prop_buf_req(struct hfi_msg_
 		memcpy(&bufreq[idx], buf_req, sizeof(*bufreq));
 		idx++;
 
-		if (idx > HFI_BUFFER_TYPE_MAX)
+		if (idx >= HFI_BUFFER_TYPE_MAX)
 			return HFI_ERR_SESSION_INVALID_PARAMETER;
 
 		req_bytes -= sizeof(struct hfi_buffer_requirements);


Patches currently in stable-queue which might be from quic_vgarodia@xxxxxxxxxxx are

queue-5.4/media-venus-hfi-fix-the-check-to-handle-session-buffer-requirement.patch
queue-5.4/media-venus-hfi-add-checks-to-perform-sanity-on-queue-pointers.patch
queue-5.4/media-venus-hfi_parser-add-check-to-keep-the-number-of-codecs-within-range.patch
queue-5.4/media-venus-hfi-add-checks-to-handle-capabilities-from-firmware.patch
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux