xiaoxiang781216 commented on code in PR #8000:
URL: https://github.com/apache/nuttx/pull/8000#discussion_r1060052856
##########
drivers/video/fb.c:
##########
@@ -682,6 +675,29 @@ static int fb_ioctl(FAR struct file *filep, int cmd,
unsigned long arg)
return ret;
}
+static int fb_mmap(FAR struct file *filep, FAR struct mm_map_entry_s *map)
+{
+ FAR struct inode *inode;
+ FAR struct fb_chardev_s *fb;
+ int ret = -EINVAL;
+
+ /* Get the framebuffer instance */
+
+ DEBUGASSERT(filep != NULL && filep->f_inode != NULL);
+ inode = filep->f_inode;
+ fb = (FAR struct fb_chardev_s *)inode->i_private;
+
+ /* Return the address corresponding to the start of frame buffer. */
+
+ if (map->offset + map->length <= fb->fblen)
Review Comment:
after more thought, we need do more check:
```
if (map->offset >= 0 && map->offset < fb->fblen &&
map->offset + map->length <= fb->fblen)
```
to avoid the hacker passes the wrong value. Other places need make the
similar change.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
