| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Aug 2017 23:52:02 +0200
From: "Maciej S. Szmigiero" <mail@...iej.szmigiero.name>
To: Michael Krufky <mkrufky@...uxtv.org>,
Mauro Carvalho Chehab <mchehab@...nel.org>
Cc: Andy Walls <awalls@...metrocast.net>,
linux-kernel <linux-kernel@...r.kernel.org>,
linux-media@...r.kernel.org
Subject: [PATCH 3/5] [media] cx25840: fix a possible divide by zero in set_fmt
callback
If set_fmt callback is called with format->width or format->height set to
zero and HACTIVE_CNT or VACTIVE_CNT bits (respectively) in chip are zero
we will divide by zero later in this callback when we try to calculate
HSC or VSC values.
Fix this by explicitly rejecting these values.
Signed-off-by: Maciej S. Szmigiero <mail@...iej.szmigiero.name>
---
drivers/media/i2c/cx25840/cx25840-core.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/media/i2c/cx25840/cx25840-core.c b/drivers/media/i2c/cx25840/cx25840-core.c
index 2fa74c23d619..c19f39821f46 100644
--- a/drivers/media/i2c/cx25840/cx25840-core.c
+++ b/drivers/media/i2c/cx25840/cx25840-core.c
@@ -1691,8 +1691,9 @@ static int cx25840_set_fmt(struct v4l2_subdev *sd,
* height. Without that margin the cx23885 fails in this
* check.
*/
- if ((fmt->width * 16 < Hsrc) || (Hsrc < fmt->width) ||
- (Vlines * 8 < Vsrc) || (Vsrc + 1 < Vlines)) {
+ if ((fmt->width == 0) || (Vlines == 0) ||
+ (fmt->width * 16 < Hsrc) || (Hsrc < fmt->width) ||
+ (Vlines * 8 < Vsrc) || (Vsrc + 1 < Vlines)) {
v4l_err(client, "%dx%d is not a valid size!\n",
fmt->width, fmt->height);
return -ERANGE;
Powered by blists - more mailing lists