www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Vikash Garodia <quic_vgarodia@quicinc.com>
	Thu, 20 Feb 2025 17:20:09 +0000 (22:50 +0530)
committer	Hans Verkuil <hverkuil@xs4all.nl>
	Mon, 3 Mar 2025 17:21:55 +0000 (18:21 +0100)
commit	9edaaa8e3e15aab1ca413ab50556de1975bcb329
tree	15b53c4072086a55095549b5be8141987e0b8051	tree
parent	172bf5a9ef70a399bb227809db78442dc01d9e48	commit \| diff

media: venus: hfi_parser: refactor hfi packet parsing logic

words_count denotes the number of words in total payload, while data
points to payload of various property within it. When words_count
reaches last word, data can access memory beyond the total payload. This
can lead to OOB access. With this patch, the utility api for handling
individual properties now returns the size of data consumed. Accordingly
remaining bytes are calculated before parsing the payload, thereby
eliminates the OOB access possibilities.

Cc: stable@vger.kernel.org
Fixes: 1a73374a04e5 ("media: venus: hfi_parser: add common capability parser")
Signed-off-by: Vikash Garodia <quic_vgarodia@quicinc.com>
Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>