| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 26 Apr 2009 06:55:45 +0200
From: Németh Márton <nm127@...email.hu>
To: Trent Piepho <xyzzy@...akeasy.org>
CC: Mauro Carvalho Chehab <mchehab@...radead.org>,
linux-media@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] v4l2: fill the unused fields with zeros in case of VIDIOC_S_FMT
The VIDIOC_S_FMT is a write-read ioctl: it sets the format and returns
the current format in case of success. The parameter of VIDIOC_S_FMT
ioctl is a pointer to struct v4l2_format. [1] This structure contains
a fmt union so there are some padding bytes which are not used depending
on the .type value. These unused bytes are filled with zeros with this patch.
The patch was tested with v4l-test 0.12 [2] with vivi and with
gspca_sunplus driver together with Trust 610 LCD POWERC@M ZOOM.
References:
[1] V4L2 API specification, revision 0.24
http://v4l2spec.bytesex.org/spec/r10944.htm
[2] v4l-test: Test environment for Video For Linux Two API
http://v4l-test.sourceforge.net/
Signed-off-by: Márton Németh <nm127@...email.hu>
---
--- linux/drivers/media/video/v4l2-ioctl.c.orig 2009-04-22 05:07:00.000000000 +0200
+++ linux/drivers/media/video/v4l2-ioctl.c 2009-04-26 06:29:20.000000000 +0200
@@ -777,44 +777,61 @@ static long __video_do_ioctl(struct file
{
struct v4l2_format *f = (struct v4l2_format *)arg;
+#define CLEAR_UNUSED_FIELDS(data, last_member) \
+ memset(((u8 *)data)+ \
+ offsetof(struct v4l2_format, fmt)+ \
+ sizeof(struct v4l2_ ## last_member), \
+ 0, \
+ sizeof(*(data))- \
+ (offsetof(struct v4l2_format, fmt)+ \
+ sizeof(struct v4l2_ ## last_member)))
+
/* FIXME: Should be one dump per type */
dbgarg(cmd, "type=%s\n", prt_names(f->type, v4l2_type_names));
switch (f->type) {
case V4L2_BUF_TYPE_VIDEO_CAPTURE:
+ CLEAR_UNUSED_FIELDS(f, pix_format);
v4l_print_pix_fmt(vfd, &f->fmt.pix);
if (ops->vidioc_s_fmt_vid_cap)
ret = ops->vidioc_s_fmt_vid_cap(file, fh, f);
break;
case V4L2_BUF_TYPE_VIDEO_OVERLAY:
+ CLEAR_UNUSED_FIELDS(f, window);
if (ops->vidioc_s_fmt_vid_overlay)
ret = ops->vidioc_s_fmt_vid_overlay(file,
fh, f);
break;
case V4L2_BUF_TYPE_VIDEO_OUTPUT:
+ CLEAR_UNUSED_FIELDS(f, pix_format);
v4l_print_pix_fmt(vfd, &f->fmt.pix);
if (ops->vidioc_s_fmt_vid_out)
ret = ops->vidioc_s_fmt_vid_out(file, fh, f);
break;
case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY:
+ CLEAR_UNUSED_FIELDS(f, window);
if (ops->vidioc_s_fmt_vid_out_overlay)
ret = ops->vidioc_s_fmt_vid_out_overlay(file,
fh, f);
break;
case V4L2_BUF_TYPE_VBI_CAPTURE:
+ CLEAR_UNUSED_FIELDS(f, vbi_format);
if (ops->vidioc_s_fmt_vbi_cap)
ret = ops->vidioc_s_fmt_vbi_cap(file, fh, f);
break;
case V4L2_BUF_TYPE_VBI_OUTPUT:
+ CLEAR_UNUSED_FIELDS(f, vbi_format);
if (ops->vidioc_s_fmt_vbi_out)
ret = ops->vidioc_s_fmt_vbi_out(file, fh, f);
break;
case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE:
+ CLEAR_UNUSED_FIELDS(f, sliced_vbi_format);
if (ops->vidioc_s_fmt_sliced_vbi_cap)
ret = ops->vidioc_s_fmt_sliced_vbi_cap(file,
fh, f);
break;
case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT:
+ CLEAR_UNUSED_FIELDS(f, sliced_vbi_format);
if (ops->vidioc_s_fmt_sliced_vbi_out)
ret = ops->vidioc_s_fmt_sliced_vbi_out(file,
fh, f);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists