Hi Sakari,
Thank you for the patch.
On Monday 31 March 2014 11:23:08 Sakari Ailus wrote:
> VIDIOC_SUBDEV_[GS]_FRAME_INTERVAL IOCTLs argument structs contain the pad
> field but the validity check was missing. There should be no implications
> security-wise from this since no driver currently uses the pad field in the
> struct.
>
> Signed-off-by: Sakari Ailus <sakari.ai...@linux.intel.com>
Acked-by: Laurent Pinchart <laurent.pinch...@ideasonboard.com>
> ---
> drivers/media/v4l2-core/v4l2-subdev.c | 16 ++++++++++++++--
> 1 file changed, 14 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/media/v4l2-core/v4l2-subdev.c
> b/drivers/media/v4l2-core/v4l2-subdev.c index aea84ac..0ed4c5b 100644
> --- a/drivers/media/v4l2-core/v4l2-subdev.c
> +++ b/drivers/media/v4l2-core/v4l2-subdev.c
> @@ -305,11 +305,23 @@ static long subdev_do_ioctl(struct file *file,
> unsigned int cmd, void *arg) fse);
> }
>
> - case VIDIOC_SUBDEV_G_FRAME_INTERVAL:
> + case VIDIOC_SUBDEV_G_FRAME_INTERVAL: {
> + struct v4l2_subdev_frame_interval *fi = arg;
> +
> + if (fi->pad >= sd->entity.num_pads)
> + return -EINVAL;
> +
> return v4l2_subdev_call(sd, video, g_frame_interval, arg);
> + }
> +
> + case VIDIOC_SUBDEV_S_FRAME_INTERVAL: {
> + struct v4l2_subdev_frame_interval *fi = arg;
> +
> + if (fi->pad >= sd->entity.num_pads)
> + return -EINVAL;
>
> - case VIDIOC_SUBDEV_S_FRAME_INTERVAL:
> return v4l2_subdev_call(sd, video, s_frame_interval, arg);
> + }
>
> case VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL: {
> struct v4l2_subdev_frame_interval_enum *fie = arg;
--
Regards,
Laurent Pinchart
--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
