openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

media: am437x-vpfe: exclude illegal values for enum when validing params from user space 

When calling ccdc_data_size_max_bit() to validate data_sz in
vpfe_ccdc_validate_param(), it's treated as an enumeration ranging from
0 to 7 while essentially it's an 32 bit unsigned integer directly from
user space. This can make the return value of ccdc_data_size_max_bit()
underflow and bypass the following check.

To fix this, an additional check is added to the following if clause to
keep this enumaration variable in range. And if its value is not legal,
return -EINVAL properly.

Signed-off-by: Changming Liu <charley.ashbringer@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
This commit is contained in:
Changming Liu 2020-03-10 22:13:20 +01:00 committed by Mauro Carvalho Chehab
parent 80264809ea
commit 3f870a4503
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
drivers/media/platform/am437x/am437x-vpfe.c
View File

@ -285,6 +285,7 @@ vpfe_ccdc_validate_param(struct vpfe_ccdc *ccdc,
max_data = ccdc_data_size_max_bit(ccdcparam->data_sz);
if (ccdcparam->alaw.gamma_wd > VPFE_CCDC_GAMMA_BITS_09_0 ||
ccdcparam->data_sz > VPFE_CCDC_DATA_8BITS ||
max_gamma > max_data) {
vpfe_dbg(1, vpfe, "Invalid data line select\n");
return -EINVAL;