From patchwork Fri Jun 19 05:41:09 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paul Elder <paul.elder@ideasonboard.com>
X-Patchwork-Id: 4083
Return-Path: <paul.elder@ideasonboard.com>
Received: from perceval.ideasonboard.com (perceval.ideasonboard.com
	[213.167.242.64])
	by lancelot.ideasonboard.com (Postfix) with ESMTPS id 43972603BF
	for <libcamera-devel@lists.libcamera.org>;
	Fri, 19 Jun 2020 07:41:42 +0200 (CEST)
Authentication-Results: lancelot.ideasonboard.com; dkim=pass (1024-bit key;
	unprotected) header.d=ideasonboard.com
	header.i=@ideasonboard.com
	header.b="oNNbvBke"; dkim-atps=neutral
Received: from jade.flets-east.jp (unknown
	[IPv6:2400:4051:61:600:e972:d773:e99a:4f79])
	by perceval.ideasonboard.com (Postfix) with ESMTPSA id BF14D556;
	Fri, 19 Jun 2020 07:41:40 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;
	s=mail; t=1592545302;
	bh=qsEFtr5cbT/jPDimSbuKHA1vG1SLI29s7gEV9/ny+18=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=oNNbvBkeuA+dvOgyZXYwuTft8pwS5+7mNfC1C2LPN7CJt8mQKWXkjuREP8p+LprcV
	2uHDmG54dxNiSb+K/mdLS+twKIYdaqDLVmXS22IBbam/4zUYVtLN58Zgv9gRUau0V/
	/9gZd/I5XkJYYiE4YW7cEy2pfknZzzrn+LzT9+Ag=
From: Paul Elder <paul.elder@ideasonboard.com>
To: libcamera-devel@lists.libcamera.org
Date: Fri, 19 Jun 2020 14:41:09 +0900
Message-Id: <20200619054123.19052-4-paul.elder@ideasonboard.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20200619054123.19052-1-paul.elder@ideasonboard.com>
References: <20200619054123.19052-1-paul.elder@ideasonboard.com>
MIME-Version: 1.0
Subject: [libcamera-devel] [PATCH v2 03/17] v4l2: v4l2_camera_proxy: Check
	for null arg values in main ioctl handler
X-BeenThere: libcamera-devel@lists.libcamera.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <libcamera-devel.lists.libcamera.org>
List-Unsubscribe: <https://lists.libcamera.org/options/libcamera-devel>,
	<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>
List-Archive: <https://lists.libcamera.org/pipermail/libcamera-devel/>
List-Post: <mailto:libcamera-devel@lists.libcamera.org>
List-Help: <mailto:libcamera-devel-request@lists.libcamera.org?subject=help>
List-Subscribe: <https://lists.libcamera.org/listinfo/libcamera-devel>,
	<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Jun 2020 05:41:42 -0000

The ioctl handlers currently don't check if arg is null, so if it ever
is, it will cause a segfault. Check that arg is null and return -EFAULT
in the main vidioc ioctl handler.

Signed-off-by: Paul Elder <paul.elder@ideasonboard.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
---
Changes in v2:
- moved !arg check to main ioctl handler, and added a set of supported
  ioctls
- use !arg instead of arg == nullptr
---
 src/v4l2/v4l2_camera_proxy.cpp | 27 +++++++++++++++++++++++++--
 src/v4l2/v4l2_camera_proxy.h   |  3 +++
 2 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/src/v4l2/v4l2_camera_proxy.cpp b/src/v4l2/v4l2_camera_proxy.cpp
index f06f58d..cff6562 100644
--- a/src/v4l2/v4l2_camera_proxy.cpp
+++ b/src/v4l2/v4l2_camera_proxy.cpp
@@ -11,6 +11,7 @@
 #include <array>
 #include <errno.h>
 #include <linux/videodev2.h>
+#include <set>
 #include <string.h>
 #include <sys/mman.h>
 #include <unistd.h>
@@ -238,7 +239,6 @@ int V4L2CameraProxy::vidioc_enum_fmt(V4L2CameraFile *cf, struct v4l2_fmtdesc *ar
 {
 	LOG(V4L2Compat, Debug) << "Servicing vidioc_enum_fmt fd = " << cf->efd();
 
-
 	if (!validateBufferType(arg->type) ||
 	    arg->index >= streamConfig_.formats().pixelformats().size())
 		return -EINVAL;
@@ -255,7 +255,6 @@ int V4L2CameraProxy::vidioc_g_fmt(V4L2CameraFile *cf, struct v4l2_format *arg)
 {
 	LOG(V4L2Compat, Debug) << "Servicing vidioc_g_fmt fd = " << cf->efd();
 
-
 	if (!validateBufferType(arg->type))
 		return -EINVAL;
 
@@ -543,8 +542,32 @@ int V4L2CameraProxy::vidioc_streamoff(V4L2CameraFile *cf, int *arg)
 	return ret;
 }
 
+std::set<unsigned long> V4L2CameraProxy::supportedIoctls_ = {
+	VIDIOC_QUERYCAP,
+	VIDIOC_ENUM_FMT,
+	VIDIOC_G_FMT,
+	VIDIOC_S_FMT,
+	VIDIOC_TRY_FMT,
+	VIDIOC_REQBUFS,
+	VIDIOC_QUERYBUF,
+	VIDIOC_QBUF,
+	VIDIOC_DQBUF,
+	VIDIOC_STREAMON,
+	VIDIOC_STREAMOFF,
+};
+
 int V4L2CameraProxy::ioctl(V4L2CameraFile *cf, unsigned long request, void *arg)
 {
+	if (supportedIoctls_.find(request) == supportedIoctls_.end()) {
+		errno = ENOTTY;
+		return -1;
+	}
+
+	if (!arg) {
+		errno = EFAULT;
+		return -1;
+	}
+
 	int ret;
 	switch (request) {
 	case VIDIOC_QUERYCAP:
diff --git a/src/v4l2/v4l2_camera_proxy.h b/src/v4l2/v4l2_camera_proxy.h
index 43290ca..dd7e793 100644
--- a/src/v4l2/v4l2_camera_proxy.h
+++ b/src/v4l2/v4l2_camera_proxy.h
@@ -11,6 +11,7 @@
 #include <linux/videodev2.h>
 #include <map>
 #include <memory>
+#include <set>
 #include <sys/mman.h>
 #include <sys/types.h>
 #include <vector>
@@ -67,6 +68,8 @@ private:
 	static PixelFormat v4l2ToDrm(uint32_t format);
 	static uint32_t drmToV4L2(const PixelFormat &format);
 
+	static std::set<unsigned long> supportedIoctls_;
+
 	unsigned int refcount_;
 	unsigned int index_;