]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit
projects / thirdparty / kernel / stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 83724b8) | patch
media: venus: hfi: add a check to handle OOB in sfr region
authorVikash Garodia <quic_vgarodia@quicinc.com>
Thu, 20 Feb 2025 17:20:11 +0000 (22:50 +0530)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 2 May 2025 05:43:59 +0000 (07:43 +0200)
commit1b8fb257234e7d2d4b3f48af07c5aa5e11c71634
treeeb8d07fbf8fa7fba5d21b55ce95dab6b2a64e849tree
parent83724b88175c9e6a49ae1fde5eac820adb87e5c5commit | diff
media: venus: hfi: add a check to handle OOB in sfr region

commit f4b211714bcc70effa60c34d9fa613d182e3ef1e upstream.

sfr->buf_size is in shared memory and can be modified by malicious user.
OOB write is possible when the size is made higher than actual sfr data
buffer. Cap the size to allocated size for such cases.

Cc: stable@vger.kernel.org
Fixes: d96d3f30c0f2 ("[media] media: venus: hfi: add Venus HFI files")
Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Vikash Garodia <quic_vgarodia@quicinc.com>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/media/platform/qcom/venus/hfi_venus.c diff | blob | blame | history
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git