| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7ff90036-a890-40d5-9305-72c0debb3594@redhat.com>
Date: Mon, 26 May 2025 15:12:04 +0200
From: Hans de Goede <hdegoede@...hat.com>
To: Ricardo Ribalda <ribalda@...omium.org>,
Laurent Pinchart <laurent.pinchart@...asonboard.com>,
Mauro Carvalho Chehab <mchehab@...nel.org>,
Guennadi Liakhovetski <guennadi.liakhovetski@...el.com>
Cc: linux-media@...r.kernel.org, linux-kernel@...r.kernel.org,
stable@...r.kernel.org
Subject: Re: [PATCH v5 1/4] media: uvcvideo: Do not mark valid metadata as
invalid
Hi,
On 4-Apr-25 08:37, Ricardo Ribalda wrote:
> Currently, the driver performs a length check of the metadata buffer
> before the actual metadata size is known and before the metadata is
> decided to be copied. This results in valid metadata buffers being
> incorrectly marked as invalid.
>
> Move the length check to occur after the metadata size is determined and
> is decided to be copied.
>
> Cc: stable@...r.kernel.org
> Fixes: 088ead255245 ("media: uvcvideo: Add a metadata device node")
> Signed-off-by: Ricardo Ribalda <ribalda@...omium.org>
Thanks, patch looks good to me:
Reviewed-by: Hans de Goede <hansg@...nel.org>
Regards,
Hans
> ---
> drivers/media/usb/uvc/uvc_video.c | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c
> index e3567aeb0007c1f0a766f331e4e744359e95a863..b113297dac61f1b2eecd72c36ea61ef2c1e7d28a 100644
> --- a/drivers/media/usb/uvc/uvc_video.c
> +++ b/drivers/media/usb/uvc/uvc_video.c
> @@ -1433,12 +1433,6 @@ static void uvc_video_decode_meta(struct uvc_streaming *stream,
> if (!meta_buf || length == 2)
> return;
>
> - if (meta_buf->length - meta_buf->bytesused <
> - length + sizeof(meta->ns) + sizeof(meta->sof)) {
> - meta_buf->error = 1;
> - return;
> - }
> -
> has_pts = mem[1] & UVC_STREAM_PTS;
> has_scr = mem[1] & UVC_STREAM_SCR;
>
> @@ -1459,6 +1453,12 @@ static void uvc_video_decode_meta(struct uvc_streaming *stream,
> !memcmp(scr, stream->clock.last_scr, 6)))
> return;
>
> + if (meta_buf->length - meta_buf->bytesused <
> + length + sizeof(meta->ns) + sizeof(meta->sof)) {
> + meta_buf->error = 1;
> + return;
> + }
> +
> meta = (struct uvc_meta_buf *)((u8 *)meta_buf->mem + meta_buf->bytesused);
> local_irq_save(flags);
> time = uvc_video_get_time();
>
Powered by blists - more mailing lists