| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2a6629b95f9c8a5f41ec783ef2e39f5cba8e7a20.camel@collabora.com>
Date: Mon, 09 Dec 2019 21:30:44 -0500
From: Nicolas Dufresne <nicolas.dufresne@...labora.com>
To: Nicolas Dufresne <nicolas.dufresne@...labora.com>
Cc: Laurent Pinchart <laurent.pinchart@...asonboard.com>,
Mauro Carvalho Chehab <mchehab@...nel.org>,
linux-media@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] uvcvideo: Also validate buffers in BULK mode
Le lundi 09 décembre 2019 à 21:27 -0500, Nicolas Dufresne a écrit :
> Le mardi 05 juin 2018 à 19:46 -0400, Nicolas Dufresne a écrit :
> > Just like for ISOC, validate the decoded BULK buffer size when possible.
> > This avoids sending corrupted or partial buffers to userspace, which may
> > lead to application crash or run-time failure.
> >
> > Signed-off-by: Nicolas Dufresne <nicolas.dufresne@...labora.com>
>
> Ping. That was a year and a half ago and still applies.
Please ignore, I was looking into the wrong branch by accident. Please,
update patchwork, that might also help to avoid confusion.
>
> > ---
> > drivers/media/usb/uvc/uvc_video.c | 9 +++------
> > 1 file changed, 3 insertions(+), 6 deletions(-)
> >
> > diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c
> > index aa0082fe5833..025ffac196f3 100644
> > --- a/drivers/media/usb/uvc/uvc_video.c
> > +++ b/drivers/media/usb/uvc/uvc_video.c
> > @@ -1234,6 +1234,7 @@ static void uvc_video_next_buffers(struct uvc_streaming *stream,
> > *meta_buf = uvc_queue_next_buffer(&stream->meta.queue,
> > *meta_buf);
> > }
> > + uvc_video_validate_buffer(stream, *video_buf);
> > *video_buf = uvc_queue_next_buffer(&stream->queue, *video_buf);
> > }
> >
> > @@ -1258,10 +1259,8 @@ static void uvc_video_decode_isoc(struct urb *urb, struct uvc_streaming *stream,
> > do {
> > ret = uvc_video_decode_start(stream, buf, mem,
> > urb->iso_frame_desc[i].actual_length);
> > - if (ret == -EAGAIN) {
> > - uvc_video_validate_buffer(stream, buf);
> > + if (ret == -EAGAIN)
> > uvc_video_next_buffers(stream, &buf, &meta_buf);
> > - }
> > } while (ret == -EAGAIN);
> >
> > if (ret < 0)
> > @@ -1277,10 +1276,8 @@ static void uvc_video_decode_isoc(struct urb *urb, struct uvc_streaming *stream,
> > uvc_video_decode_end(stream, buf, mem,
> > urb->iso_frame_desc[i].actual_length);
> >
> > - if (buf->state == UVC_BUF_STATE_READY) {
> > - uvc_video_validate_buffer(stream, buf);
> > + if (buf->state == UVC_BUF_STATE_READY)
> > uvc_video_next_buffers(stream, &buf, &meta_buf);
> > - }
> > }
> > }
> >
Download attachment "signature.asc" of type "application/pgp-signature" (196 bytes)
Powered by blists - more mailing lists