From 95f5cbff90b9e4324839a5c28ee3153a3c9921a5 Mon Sep 17 00:00:00 2001 From: Nicolas Dufresne Date: Mon, 4 Jun 2018 20:24:15 -0400 Subject: [PATCH] media: uvcvideo: Also validate buffers in BULK mode Just like for ISOC, validate the decoded BULK buffer size when possible. This avoids sending corrupted or partial buffers to userspace, which may lead to application crash or run-time failure. Signed-off-by: Nicolas Dufresne [laurent.pinchart@ideasonboard.com: Move uvc_video_validate_buffer() call to uvc_video_next_buffers()] Signed-off-by: Laurent Pinchart Signed-off-by: Mauro Carvalho Chehab --- drivers/media/usb/uvc/uvc_video.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c index a88b2e51a666..3ed5f27e786b 100644 --- a/drivers/media/usb/uvc/uvc_video.c +++ b/drivers/media/usb/uvc/uvc_video.c @@ -1232,6 +1232,8 @@ static void uvc_video_validate_buffer(const struct uvc_streaming *stream, static void uvc_video_next_buffers(struct uvc_streaming *stream, struct uvc_buffer **video_buf, struct uvc_buffer **meta_buf) { + uvc_video_validate_buffer(stream, *video_buf); + if (*meta_buf) { struct vb2_v4l2_buffer *vb2_meta = &(*meta_buf)->buf; const struct vb2_v4l2_buffer *vb2_video = &(*video_buf)->buf; @@ -1270,10 +1272,8 @@ static void uvc_video_decode_isoc(struct urb *urb, struct uvc_streaming *stream, do { ret = uvc_video_decode_start(stream, buf, mem, urb->iso_frame_desc[i].actual_length); - if (ret == -EAGAIN) { - uvc_video_validate_buffer(stream, buf); + if (ret == -EAGAIN) uvc_video_next_buffers(stream, &buf, &meta_buf); - } } while (ret == -EAGAIN); if (ret < 0) @@ -1289,10 +1289,8 @@ static void uvc_video_decode_isoc(struct urb *urb, struct uvc_streaming *stream, uvc_video_decode_end(stream, buf, mem, urb->iso_frame_desc[i].actual_length); - if (buf->state == UVC_BUF_STATE_READY) { - uvc_video_validate_buffer(stream, buf); + if (buf->state == UVC_BUF_STATE_READY) uvc_video_next_buffers(stream, &buf, &meta_buf); - } } } -- 2.30.2