In list.linux-kernel yjf@stanford.edu (Junfeng Yang) wrote:
> [BUG] on VIDIOCGCAPUTRE and VIDIOCSCAPUTRE branches copy_*_user functions are called. on other branches not
> /home/junfeng/linux-tainted/drivers/media/video/cpia.c:3432:cpia_do_ioctl: ERROR:TAINTED:3432:3432: dereferencing tainted ptr 'vp' [Callstack: ]
>
> DBG("VIDIOCSPICT\n");
>
> /* check validity */
> DBG("palette: %d\n", vp->palette);
> DBG("depth: %d\n", vp->depth);
>
> Error --->
> if (!valid_mode(vp->palette, vp->depth)) {
> retval = -EINVAL;
> break;
> }
> ---------------------------------------------------------
I can't see this. This code fragment is from cpia_do_ioctl. This is
never called directly, the entry point is cpia_ioctl, which always passes
ioctl calls to video_usercopy (which calls cpia_do_ioctl through the
supplied function pointer).
In video_usercopy, it calls copy_from_user for an _IOW ioctl (which
VIDIOCSPICT is). There is certainly no differentiation between the
different ioctl calls made by video_usercopy.
Is there something I have missed?
-- `O O' | Nick.Holloway@pyrites.org.uk // ^ \\ | http://www.pyrites.org.uk/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Apr 30 2003 - 22:00:27 EST