[PATCH 3.18 74/93] media: v4l2-compat-ioctl32: initialize a reserved field
From: Greg Kroah-Hartman
Date: Fri Apr 06 2018 - 09:28:09 EST
3.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxxxxx>
The get_v4l2_create32() function is missing a logic with
would be cleaning a reserved field, causing v4l2-compliance
to complain:
Buffer ioctls (Input 0):
fail: v4l2-test-buffers.cpp(506): check_0(crbufs.reserved, sizeof(crbufs.reserved))
test VIDIOC_REQBUFS/CREATE_BUFS/QUERYBUF: FAIL
Signed-off-by: Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
+++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
@@ -247,7 +247,8 @@ static int get_v4l2_create32(struct v4l2
{
if (!access_ok(VERIFY_READ, up, sizeof(*up)) ||
copy_in_user(kp, up,
- offsetof(struct v4l2_create_buffers32, format)))
+ offsetof(struct v4l2_create_buffers32, format)) ||
+ copy_in_user(kp->reserved, up->reserved, sizeof(kp->reserved)))
return -EFAULT;
return __get_v4l2_format32(&kp->format, &up->format,
aux_buf, aux_space);