]> www.infradead.org Git - users/jedix/linux-maple.git/commit
projects / users / jedix / linux-maple.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 69baf24) | patch
media: venus: hfi: add a check to handle OOB in sfr region
authorVikash Garodia <quic_vgarodia@quicinc.com>
Thu, 20 Feb 2025 17:20:11 +0000 (22:50 +0530)
committerHans Verkuil <hverkuil@xs4all.nl>
Mon, 3 Mar 2025 17:21:55 +0000 (18:21 +0100)
commitf4b211714bcc70effa60c34d9fa613d182e3ef1e
treeb2bad82a671707bd90066e62afcd87ff7f5cce71tree
parent69baf245b23e20efda0079238b27fc63ecf13de1commit | diff
media: venus: hfi: add a check to handle OOB in sfr region

sfr->buf_size is in shared memory and can be modified by malicious user.
OOB write is possible when the size is made higher than actual sfr data
buffer. Cap the size to allocated size for such cases.

Cc: stable@vger.kernel.org
Fixes: d96d3f30c0f2 ("[media] media: venus: hfi: add Venus HFI files")
Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Vikash Garodia <quic_vgarodia@quicinc.com>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
drivers/media/platform/qcom/venus/hfi_venus.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.