{"id":4046,"url":"https://patchwork.libcamera.org/api/1.1/patches/4046/?format=json","web_url":"https://patchwork.libcamera.org/patch/4046/","project":{"id":1,"url":"https://patchwork.libcamera.org/api/1.1/projects/1/?format=json","name":"libcamera","link_name":"libcamera","list_id":"libcamera_core","list_email":"libcamera-devel@lists.libcamera.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20200616131244.70308-3-paul.elder@ideasonboard.com>","date":"2020-06-16T13:12:31","name":"[libcamera-devel,02/15] v4l2: v4l2_camera_proxy: Check for null arg values in ioctl handlers","commit_ref":null,"pull_url":null,"state":"superseded","archived":false,"hash":"697057a8263f2f6999d86a56e70aa3c551fb0ddb","submitter":{"id":17,"url":"https://patchwork.libcamera.org/api/1.1/people/17/?format=json","name":"Paul Elder","email":"paul.elder@ideasonboard.com"},"delegate":null,"mbox":"https://patchwork.libcamera.org/patch/4046/mbox/","series":[{"id":1006,"url":"https://patchwork.libcamera.org/api/1.1/series/1006/?format=json","web_url":"https://patchwork.libcamera.org/project/libcamera/list/?series=1006","date":"2020-06-16T13:12:29","name":"Support v4l2-compliance","version":1,"mbox":"https://patchwork.libcamera.org/series/1006/mbox/"}],"comments":"https://patchwork.libcamera.org/api/patches/4046/comments/","check":"pending","checks":"https://patchwork.libcamera.org/api/patches/4046/checks/","tags":{},"headers":{"Return-Path":"<paul.elder@ideasonboard.com>","Received":["from perceval.ideasonboard.com (perceval.ideasonboard.com\n\t[IPv6:2001:4b98:dc2:55:216:3eff:fef7:d647])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 0212F61F24\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tTue, 16 Jun 2020 15:13:04 +0200 (CEST)","from jade.flets-east.jp (unknown\n\t[IPv6:2400:4051:61:600:2807:bdfa:f6a:8e53])\n\tby perceval.ideasonboard.com (Postfix) with ESMTPSA id 820ABF9;\n\tTue, 16 Jun 2020 15:13:02 +0200 (CEST)"],"Authentication-Results":"lancelot.ideasonboard.com; dkim=pass 
(1024-bit key; \n\tunprotected) header.d=ideasonboard.com\n\theader.i=@ideasonboard.com\n\theader.b=\"WxbsQKe2\"; dkim-atps=neutral","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;\n\ts=mail; t=1592313183;\n\tbh=ixlFXZxogr8vUn3rqaonr1O8urYXVk596ihDKMCdhUM=;\n\th=From:To:Cc:Subject:Date:In-Reply-To:References:From;\n\tb=WxbsQKe2jRvSkiJIaaJEDpeezOe4asNhgAwvmPgq2Fn8iz+hl3HB5zGRSc9HBfM1e\n\tbpws8VPiXjHXuca7CQum38jn5hy9fg63PkRapjv9lWFTJRO8Z6LKn2XmUHzGVKvmor\n\tK/PogF9Qnyhbr5CU7jxRUbDTK/PJcwBQOeyFxKnQ=","From":"Paul Elder <paul.elder@ideasonboard.com>","To":"libcamera-devel@lists.libcamera.org","Date":"Tue, 16 Jun 2020 22:12:31 +0900","Message-Id":"<20200616131244.70308-3-paul.elder@ideasonboard.com>","X-Mailer":"git-send-email 2.27.0","In-Reply-To":"<20200616131244.70308-1-paul.elder@ideasonboard.com>","References":"<20200616131244.70308-1-paul.elder@ideasonboard.com>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","Subject":"[libcamera-devel] [PATCH 02/15] v4l2: v4l2_camera_proxy: Check for\n\tnull arg values in ioctl handlers","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"<libcamera-devel.lists.libcamera.org>","List-Unsubscribe":"<https://lists.libcamera.org/options/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>","List-Archive":"<https://lists.libcamera.org/pipermail/libcamera-devel/>","List-Post":"<mailto:libcamera-devel@lists.libcamera.org>","List-Help":"<mailto:libcamera-devel-request@lists.libcamera.org?subject=help>","List-Subscribe":"<https://lists.libcamera.org/listinfo/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>","X-List-Received-Date":"Tue, 16 Jun 2020 13:13:04 -0000"},"content":"The ioctl handlers currently don't check if arg is null, so if it ever\nis, it will cause a segfault. 
Check that arg is null and return -EFAULT\nin all vidioc ioctl handlers.\n\nSigned-off-by: Paul Elder <paul.elder@ideasonboard.com>\n---\n src/v4l2/v4l2_camera_proxy.cpp | 33 +++++++++++++++++++++++++++++++--\n 1 file changed, 31 insertions(+), 2 deletions(-)","diff":"diff --git a/src/v4l2/v4l2_camera_proxy.cpp b/src/v4l2/v4l2_camera_proxy.cpp\nindex 594dd13..5b74b53 100644\n--- a/src/v4l2/v4l2_camera_proxy.cpp\n+++ b/src/v4l2/v4l2_camera_proxy.cpp\n@@ -238,6 +238,9 @@ int V4L2CameraProxy::vidioc_querycap(struct v4l2_capability *arg)\n {\n \tLOG(V4L2Compat, Debug) << \"Servicing vidioc_querycap\";\n \n+\tif (arg == nullptr)\n+\t\treturn -EFAULT;\n+\n \t*arg = capabilities_;\n \n \treturn 0;\n@@ -247,6 +250,8 @@ int V4L2CameraProxy::vidioc_enum_fmt(int fd, struct v4l2_fmtdesc *arg)\n {\n \tLOG(V4L2Compat, Debug) << \"Servicing vidioc_enum_fmt fd = \" << fd;\n \n+\tif (arg == nullptr)\n+\t\treturn -EFAULT;\n \n \tif (!validateBufferType(arg->type) ||\n \t    arg->index >= streamConfig_.formats().pixelformats().size())\n@@ -264,6 +269,8 @@ int V4L2CameraProxy::vidioc_g_fmt(int fd, struct v4l2_format *arg)\n {\n \tLOG(V4L2Compat, Debug) << \"Servicing vidioc_g_fmt fd = \" << fd;\n \n+\tif (arg == nullptr)\n+\t\treturn -EFAULT;\n \n \tif (!validateBufferType(arg->type))\n \t\treturn -EINVAL;\n@@ -303,6 +310,9 @@ int V4L2CameraProxy::vidioc_s_fmt(int fd, struct v4l2_format *arg)\n {\n \tLOG(V4L2Compat, Debug) << \"Servicing vidioc_s_fmt fd = \" << fd;\n \n+\tif (arg == nullptr)\n+\t\treturn -EFAULT;\n+\n \tint ret = lock(fd);\n \tif (ret < 0)\n \t\treturn ret;\n@@ -334,6 +344,9 @@ int V4L2CameraProxy::vidioc_try_fmt(int fd, struct v4l2_format *arg)\n {\n \tLOG(V4L2Compat, Debug) << \"Servicing vidioc_try_fmt fd = \" << fd;\n \n+\tif (arg == nullptr)\n+\t\treturn -EFAULT;\n+\n \tif (!validateBufferType(arg->type))\n \t\treturn -EINVAL;\n \n@@ -361,6 +374,8 @@ int V4L2CameraProxy::vidioc_reqbufs(int fd, struct v4l2_requestbuffers *arg)\n {\n \tLOG(V4L2Compat, Debug) << 
\"Servicing vidioc_reqbufs fd = \" << fd;\n \n+\tif (arg == nullptr)\n+\t\treturn -EFAULT;\n \n \tint ret = lock(fd);\n \tif (ret < 0)\n@@ -444,6 +459,9 @@ int V4L2CameraProxy::vidioc_querybuf(int fd, struct v4l2_buffer *arg)\n {\n \tLOG(V4L2Compat, Debug) << \"Servicing vidioc_querybuf fd = \" << fd;\n \n+\tif (arg == nullptr)\n+\t\treturn -EFAULT;\n+\n \tint ret = lock(fd);\n \tif (ret < 0)\n \t\treturn ret;\n@@ -461,8 +479,10 @@ int V4L2CameraProxy::vidioc_querybuf(int fd, struct v4l2_buffer *arg)\n \n int V4L2CameraProxy::vidioc_qbuf(int fd, struct v4l2_buffer *arg)\n {\n-\tLOG(V4L2Compat, Debug) << \"Servicing vidioc_qbuf, index = \"\n-\t\t\t       << arg->index << \" fd = \" << fd;\n+\tLOG(V4L2Compat, Debug) << \"Servicing vidioc_qbuf fd = \" << fd;\n+\n+\tif (arg == nullptr)\n+\t\treturn -EFAULT;\n \n \tint ret = lock(fd);\n \tif (ret < 0)\n@@ -487,6 +507,9 @@ int V4L2CameraProxy::vidioc_dqbuf(int fd, struct v4l2_buffer *arg)\n {\n \tLOG(V4L2Compat, Debug) << \"Servicing vidioc_dqbuf fd = \" << fd;\n \n+\tif (arg == nullptr)\n+\t\treturn -EFAULT;\n+\n \tint ret = lock(fd);\n \tif (ret < 0)\n \t\treturn ret;\n@@ -522,6 +545,9 @@ int V4L2CameraProxy::vidioc_streamon(int fd, int *arg)\n {\n \tLOG(V4L2Compat, Debug) << \"Servicing vidioc_streamon fd = \" << fd;\n \n+\tif (arg == nullptr)\n+\t\treturn -EFAULT;\n+\n \tint ret = lock(fd);\n \tif (ret < 0)\n \t\treturn ret;\n@@ -538,6 +564,9 @@ int V4L2CameraProxy::vidioc_streamoff(int fd, int *arg)\n {\n \tLOG(V4L2Compat, Debug) << \"Servicing vidioc_streamoff fd = \" << fd;\n \n+\tif (arg == nullptr)\n+\t\treturn -EFAULT;\n+\n \tint ret = lock(fd);\n \tif (ret < 0)\n \t\treturn ret;\n","prefixes":["libcamera-devel","02/15"]}
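Review bot: The guard `if (arg == nullptr) return -EFAULT;` is repeated in every handler from vidioc_querycap through vidioc_streamoff, so any handler added later has to remember it; if all of them are reached from a single dispatch function (not visible in this diff), one check there before dispatching would cover current and future handlers. The guard rejects only a null pointer, and any other invalid address passed by the application will still fault on the first dereference, so a short comment such as `/* Only NULL is rejected here; other invalid pointers are not validated. */` would stop the -EFAULT return from being read as full pointer validation. In vidioc_qbuf the buffer index was dropped from the debug message to avoid dereferencing arg before the check; it could be kept by logging it after the guard, e.g. `LOG(V4L2Compat, Debug) << "vidioc_qbuf index = " << arg->index;`. Every handler body continues outside its hunk, so how the negative return value is turned into errno for the caller cannot be confirmed from here.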