Re: [PATCH 1/2] [media] vb2: Fix an off by one error in 'vb2_plane_vaddr'

From: Sakari Ailus
Date: Mon Apr 24 2017 - 10:17:15 EST

Next message: Corentin Labbe: "[PATCH 3/9] crypto: ixp4xx - Use IPAD/OPAD constant"
Previous message: Byczkowski, Jakub: "RE: [PATCH 5/7] IB/hfi1: use pcie_flr instead of duplicating it"
Next in thread: Christophe JAILLET: "Re: [PATCH 1/2] [media] vb2: Fix an off by one error in 'vb2_plane_vaddr'"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Apr 23, 2017 at 11:32:57PM +0200, Christophe JAILLET wrote:
> We should ensure that 'plane_no' is '< vb->num_planes' as done in
> 'vb2_plane_cookie' just a few lines below.
>
> Signed-off-by: Christophe JAILLET <christophe.jaillet@xxxxxxxxxx>
> ---
> drivers/media/v4l2-core/videobuf2-core.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/media/v4l2-core/videobuf2-core.c b/drivers/media/v4l2-core/videobuf2-core.c
> index 94afbbf92807..c0175ea7e7ad 100644
> --- a/drivers/media/v4l2-core/videobuf2-core.c
> +++ b/drivers/media/v4l2-core/videobuf2-core.c
> @@ -868,7 +868,7 @@ EXPORT_SYMBOL_GPL(vb2_core_create_bufs);
>
> void *vb2_plane_vaddr(struct vb2_buffer *vb, unsigned int plane_no)
> {
> - if (plane_no > vb->num_planes || !vb->planes[plane_no].mem_priv)
> + if (plane_no >= vb->num_planes || !vb->planes[plane_no].mem_priv)
> return NULL;
>
> return call_ptr_memop(vb, vaddr, vb->planes[plane_no].mem_priv);

Oh my. How could this happen?

This should go to stable as well.

Reviewed-by: Sakari Ailus <sakari.ailus@xxxxxxxxxxxxxxx>

--
Sakari Ailus
e-mail: sakari.ailus@xxxxxx XMPP: sailus@xxxxxxxxxxxxxx

Next message: Corentin Labbe: "[PATCH 3/9] crypto: ixp4xx - Use IPAD/OPAD constant"
Previous message: Byczkowski, Jakub: "RE: [PATCH 5/7] IB/hfi1: use pcie_flr instead of duplicating it"
Next in thread: Christophe JAILLET: "Re: [PATCH 1/2] [media] vb2: Fix an off by one error in 'vb2_plane_vaddr'"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]