The length of mmap() can be bigger than length of vb2 buffer, so
it should be checked.

Signed-off-by: Seung-Woo Kim <sw0312....@samsung.com>
---
 drivers/media/v4l2-core/videobuf2-core.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/drivers/media/v4l2-core/videobuf2-core.c 
b/drivers/media/v4l2-core/videobuf2-core.c
index db1235d..2c6ff2d 100644
--- a/drivers/media/v4l2-core/videobuf2-core.c
+++ b/drivers/media/v4l2-core/videobuf2-core.c
@@ -1886,6 +1886,11 @@ int vb2_mmap(struct vb2_queue *q, struct vm_area_struct 
*vma)
 
        vb = q->bufs[buffer];
 
+       if (vb->v4l2_planes[plane].length < (vma->vm_end - vma->vm_start)) {
+               dprintk(1, "Invalid length\n");
+               return -EINVAL;
+       }
+
        ret = call_memop(q, mmap, vb->planes[plane].mem_priv, vma);
        if (ret)
                return ret;
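Review bot: the comparison in the new `if` ahead of `call_memop(q, mmap, ...)` uses the raw `vb->v4l2_planes[plane].length`, while `vma->vm_end - vma->vm_start` is always a whole number of pages, so a plane whose length is not a multiple of the page size would be rejected even when userspace maps exactly that buffer. Consider comparing against `PAGE_ALIGN(vb->v4l2_planes[plane].length)` so only mappings that extend past the last page of the plane fail. It would also help to print both lengths in the `dprintk` so a rejected mapping can be diagnosed from the log.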
-- 
1.7.4.1
