Re: [PATCH] uvcvideo: Also validate buffers in BULK mode

From: Nicolas Dufresne
Date: Tue Jun 05 2018 - 10:07:48 EST

Next message: Geert Uytterhoeven: "Re: [PATCH 1/3] Revert "arm64: topology: divorce MC scheduling domain from core_siblings""
Previous message: Mimi Zohar: "Re: [PATCH v4 0/8] kexec/firmware: support system wide policy requiring signatures"
In reply to: Laurent Pinchart: "Re: [PATCH] uvcvideo: Also validate buffers in BULK mode"
Next in thread: Nicolas Dufresne: "[PATCH v2] uvcvideo: Also validate buffers in BULK mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Le mardi 05 juin 2018 Ã 11:52 +0300, Laurent Pinchart a Ãcrit :
> Hi Nicolas,
>
> Thank you for the patch.
>
> On Tuesday, 5 June 2018 03:24:15 EEST Nicolas Dufresne wrote:
> > Just like for ISOC, validate the decoded BULK buffer size when possible.
> > This avoids sending corrupted or partial buffers to userspace, which may
> > lead to application crash or run-time failure.
> >
> > Signed-off-by: Nicolas Dufresne <nicolas.dufresne@xxxxxxxxxxxxx>
> > ---
> > drivers/media/usb/uvc/uvc_video.c | 8 ++++++--
> > 1 file changed, 6 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/media/usb/uvc/uvc_video.c
> > b/drivers/media/usb/uvc/uvc_video.c index aa0082fe5833..46df4d01e31b 100644
> > --- a/drivers/media/usb/uvc/uvc_video.c
> > +++ b/drivers/media/usb/uvc/uvc_video.c
> > @@ -1307,8 +1307,10 @@ static void uvc_video_decode_bulk(struct urb *urb,
> > struct uvc_streaming *stream, if (stream->bulk.header_size == 0 &&
> > !stream->bulk.skip_payload) { do {
> > ret = uvc_video_decode_start(stream, buf, mem, len);
> > - if (ret == -EAGAIN)
> > + if (ret == -EAGAIN) {
> > + uvc_video_validate_buffer(stream, buf);
> > uvc_video_next_buffers(stream, &buf, &meta_buf);
>
> Wouldn't it be simpler to move the uvc_video_validate_buffer() call to
> uvc_video_next_buffers() ?

Sounds like a good idea, it will prevent forgetting about it if this
code get extended.

>
> > + }
> > } while (ret == -EAGAIN);
> >
> > /* If an error occurred skip the rest of the payload. */
> > @@ -1342,8 +1344,10 @@ static void uvc_video_decode_bulk(struct urb *urb,
> > struct uvc_streaming *stream, if (!stream->bulk.skip_payload && buf !=
> > NULL) {
> > uvc_video_decode_end(stream, buf, stream->bulk.header,
> > stream->bulk.payload_size);
> > - if (buf->state == UVC_BUF_STATE_READY)
> > + if (buf->state == UVC_BUF_STATE_READY) {
> > + uvc_video_validate_buffer(stream, buf);
> > uvc_video_next_buffers(stream, &buf, &meta_buf);
> > + }
> > }
> >
> > stream->bulk.header_size = 0;
>
>

Attachment: signature.asc
Description: This is a digitally signed message part

Next message: Geert Uytterhoeven: "Re: [PATCH 1/3] Revert "arm64: topology: divorce MC scheduling domain from core_siblings""
Previous message: Mimi Zohar: "Re: [PATCH v4 0/8] kexec/firmware: support system wide policy requiring signatures"
In reply to: Laurent Pinchart: "Re: [PATCH] uvcvideo: Also validate buffers in BULK mode"
Next in thread: Nicolas Dufresne: "[PATCH v2] uvcvideo: Also validate buffers in BULK mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]