| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 11 Feb 2023 21:43:50 +0100
From: Martin Blumenstingl <martin.blumenstingl@...glemail.com>
To: Ville Syrjälä <ville.syrjala@...ux.intel.com>
Cc: dri-devel@...ts.freedesktop.org, Helge Deller <deller@....de>,
linux-fbdev@...r.kernel.org, linux-kernel@...r.kernel.org,
Hans Verkuil <hans.verkuil@...co.com>,
Bartlomiej Zolnierkiewicz <b.zolnierkie@...sung.com>,
Bernard Zhao <bernard@...o.com>
Subject: Re: [PATCH v1 RFC] video/hdmi: Fix HDMI_VENDOR_INFOFRAME_SIZE
Hello Ville.
On Mon, Feb 6, 2023 at 10:58 AM Ville Syrjälä
<ville.syrjala@...ux.intel.com> wrote:
[...]
> > Change HDMI_VENDOR_INFOFRAME_SIZE to 6 bytes so
> > hdmi_vendor_infoframe_pack_only() can properly check the passed buffer
> > size and avoid an out of bounds write to ptr[8] or ptr[9].
>
> The function should return -ENOSPC if the caller didn't
> provide a big enough buffer.
Indeed, I'm not sure why I didn't notice when I sent the patch.
> Are you saying there are drivers that are passing a bogus size here?
Thankfully not - at least when I checked the last time drivers passed
a 10 byte - or bigger - buffer.
My main concern is the HDMI_INFOFRAME_SIZE macro. It's used in various
drivers like this:
u8 buffer[HDMI_INFOFRAME_SIZE(AVI)];
One could use HDMI_VENDOR_INFOFRAME_SIZE with this as well:
u8 buffer[HDMI_INFOFRAME_SIZE(VENDOR)];
But it would only result in an 8 byte wide buffer.
Nobody uses it like this yet.
Do you see any reason why my patch could cause problems?
If not then I want to re-send it with an updated description.
Best regards,
Martin
Powered by blists - more mailing lists