Message ID | 1452757045-34051-1-git-send-email-tiffany.lin@mediatek.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Hi Tiffany, Good catch! But looking through the compat code I noticed that in the single-planar DMABUF case the length field is also never copied. I think it would be much simpler if the length field is just always copied instead of in each multiplanar or singleplanar mmap/userptr/dmabuf case. It will simplify the code and prevent such mistakes in the future. Can you make a v2 that makes that change? Thanks! Hans On 01/14/2016 08:37 AM, Tiffany Lin wrote: > In v4l2-compliance utility, test QUERYBUF required correct length > value to go through each planar to check planar's length in multi-planar > > Signed-off-by: Tiffany Lin <tiffany.lin@mediatek.com> > --- > drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c > index 327e83a..5ba932a 100644 > --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c > +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c > @@ -521,6 +521,9 @@ static int put_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user > if (num_planes == 0) > return 0; > > + if (put_user(kp->length, &up->length)) > + return -EFAULT; > + > uplane = (__force struct v4l2_plane __user *)kp->m.planes; > if (get_user(p, &up->m.planes)) > return -EFAULT; >
Hi Hans, On Thu, 2016-01-14 at 08:53 +0100, Hans Verkuil wrote: > Hi Tiffany, > > Good catch! But looking through the compat code I noticed that in the > single-planar DMABUF case the length field is also never copied. I think > it would be much simpler if the length field is just always copied instead > of in each multiplanar or singleplanar mmap/userptr/dmabuf case. It will > simplify the code and prevent such mistakes in the future. > > Can you make a v2 that makes that change? > Sure, I had sent v2. best regards, Tiffany > Thanks! > > Hans > > On 01/14/2016 08:37 AM, Tiffany Lin wrote: > > In v4l2-compliance utility, test QUERYBUF required correct length > > value to go through each planar to check planar's length in multi-planar > > > > Signed-off-by: Tiffany Lin <tiffany.lin@mediatek.com> > > --- > > drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c > > index 327e83a..5ba932a 100644 > > --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c > > +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c > > @@ -521,6 +521,9 @@ static int put_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user > > if (num_planes == 0) > > return 0; > > > > + if (put_user(kp->length, &up->length)) > > + return -EFAULT; > > + > > uplane = (__force struct v4l2_plane __user *)kp->m.planes; > > if (get_user(p, &up->m.planes)) > > return -EFAULT; > > >
diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c index 327e83a..5ba932a 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -521,6 +521,9 @@ static int put_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user if (num_planes == 0) return 0; + if (put_user(kp->length, &up->length)) + return -EFAULT; + uplane = (__force struct v4l2_plane __user *)kp->m.planes; if (get_user(p, &up->m.planes)) return -EFAULT;
In v4l2-compliance utility, test QUERYBUF required correct length value to go through each planar to check planar's length in multi-planar Signed-off-by: Tiffany Lin <tiffany.lin@mediatek.com> --- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 3 +++ 1 file changed, 3 insertions(+)