lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 17 Nov 2021 13:02:38 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     Mauro Carvalho Chehab <mchehab+huawei@...nel.org>
Cc:     linuxarm@...wei.com, mauro.chehab@...wei.com,
        Deepak R Varma <drv@...lo.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Mauro Carvalho Chehab <mchehab@...nel.org>,
        Sakari Ailus <sakari.ailus@...ux.intel.com>,
        Tsuchiya Yuto <kitakar@...il.com>,
        linux-kernel@...r.kernel.org, linux-media@...r.kernel.org,
        linux-staging@...ts.linux.dev
Subject: Re: [PATCH 13/13] media: atomisp: sh_css_sp: better support the
 current firmware

On Wed, Nov 17, 2021 at 09:25:38AM +0000, Mauro Carvalho Chehab wrote:
> As we're using Intel Aero firmware, make the code closer to the
> driver for such device.

I don't really understand this commit message.  Is there a out of tree
Intel driver?

> diff --git a/drivers/staging/media/atomisp/pci/sh_css_sp.c b/drivers/staging/media/atomisp/pci/sh_css_sp.c
> index f6db1f4a0e1d..a11078acb072 100644
> --- a/drivers/staging/media/atomisp/pci/sh_css_sp.c
> +++ b/drivers/staging/media/atomisp/pci/sh_css_sp.c
> @@ -982,6 +982,7 @@ sh_css_sp_init_stage(struct ia_css_binary *binary,
>  	/* Make sure binary name is smaller than allowed string size */
>  	assert(strlen(binary_name) < SH_CSS_MAX_BINARY_NAME - 1);
>  	strscpy(sh_css_isp_stage.binary_name, binary_name, SH_CSS_MAX_BINARY_NAME);
> +	sh_css_isp_stage.binary_name[SH_CSS_MAX_BINARY_NAME - 1] = 0;

No, need for this.  strscpy() already guarantees that the result is NULL
terminated.  That's one of the main reasons Linus invented it instead of
using strncpy().

>  #ifdef ISP2401
> -	if (stage == 0) {
> -		pipe = find_pipe_by_num(sh_css_sp_group.pipe[thread_id].pipe_num);
> -		if (!pipe)
> -			return -EINVAL;
> +	pipe = find_pipe_by_num(sh_css_sp_group.pipe[thread_id].pipe_num);
> +	if (!pipe)
> +		return -EINVAL;
>  
> -		if (args->in_frame)
> -			ia_css_get_crop_offsets(pipe, &args->in_frame->info);
> -		else
> -			ia_css_get_crop_offsets(pipe, &binary->in_frame_info);
> -	}
> +	if (args->in_frame)
> +		ia_css_get_crop_offsets(pipe, &args->in_frame->info);
> +	else if (&binary->in_frame_info)
                  ^^^^^^^^^^^^^^^^^^^^^

This condition is wrong.  This is the address of something in the middle
of "binary" so it can't be NULL.

> +		ia_css_get_crop_offsets(pipe, &binary->in_frame_info);
>  #else
>  	(void)pipe; /*avoid build warning*/
>  #endif

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ