From patchwork Fri Apr 2 02:44:51 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hirokazu Honda X-Patchwork-Id: 11823 Return-Path: X-Original-To: parsemail@patchwork.libcamera.org Delivered-To: parsemail@patchwork.libcamera.org Received: from lancelot.ideasonboard.com (lancelot.ideasonboard.com [92.243.16.209]) by patchwork.libcamera.org (Postfix) with ESMTPS id CC0E6C0DA3 for ; Fri, 2 Apr 2021 02:45:01 +0000 (UTC) Received: from lancelot.ideasonboard.com (localhost [IPv6:::1]) by lancelot.ideasonboard.com (Postfix) with ESMTP id 4FCAD6877D; Fri, 2 Apr 2021 04:45:01 +0200 (CEST) Authentication-Results: lancelot.ideasonboard.com; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="POvf7J4y"; dkim-atps=neutral Received: from mail-pl1-x634.google.com (mail-pl1-x634.google.com [IPv6:2607:f8b0:4864:20::634]) by lancelot.ideasonboard.com (Postfix) with ESMTPS id E1AE36877C for ; Fri, 2 Apr 2021 04:44:59 +0200 (CEST) Received: by mail-pl1-x634.google.com with SMTP id v8so1918340plz.10 for ; Thu, 01 Apr 2021 19:44:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=CWvnM27sMJybluUYtLViRKdO83r8N0cZtWfmPfv2wjQ=; b=POvf7J4y9i+rSV69kR0LRfCOdCzlALvNULle3A5dNBxWsExzkLbC+NkfnAcHhJhL3T ERtEyk7ULjhnRa1qJ/UXdsTsixKzrz3CDOHV+2GVm98ycRlS6wv02R4AufppwofoHRBq 4kP1wVDyAEr8lMutqcsJBcqXXeNAHjX9aPa78= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=CWvnM27sMJybluUYtLViRKdO83r8N0cZtWfmPfv2wjQ=; b=O2U0KW7LRjq5Oxw0FQsc8W9sRRr11KqJ86IwH2qqAX/us2RewYGrkbAg6jXVW9z7GV nmxZZjVaEZmKIwb/evq/18cq8tA6JveS6tB7wqRp3IeVQKcQcQLdbsCXoqgvOpPP3oPf h30AkAg6hOmdIps5xBO2PvmepmvDmZBBTWy2fdzXW+yD+ND1cHYjTlRF2LBMsDA5rbIZ 0rEG8Srh5vZ6SIOrSyVwVNs+A1p6OWAvXBQ46dURDx4k/1d0T2EsL6eotZGTabJumrjF 05iP4vz50KGufD6B3NLgHAPbpjTKRACMXUN/aRx/e69jaHfWluEpazsTz8ST0lhHls7n tpKg== X-Gm-Message-State: AOAM530KCeezgs27owK00X1boO90TgUdWoeSg4VQWKq2hxLfM267opo7 FDDpACieWQVLq84KiLanM0ecuz/N1XNmvA== X-Google-Smtp-Source: ABdhPJys+dqbhIsbpiQ9o2k13i8oJtnPdFFEkj/yD9UZ/u5ZefAe7hx0hkB5zJYF/QweDUnaRbTjqQ== X-Received: by 2002:a17:903:10d:b029:e7:3875:33ed with SMTP id y13-20020a170903010db02900e7387533edmr10896372plc.34.1617331498258; Thu, 01 Apr 2021 19:44:58 -0700 (PDT) Received: from hiroh2.tok.corp.google.com ([2401:fa00:8f:2:908:1da:b07c:32bc]) by smtp.gmail.com with ESMTPSA id bb16sm145361pjb.17.2021.04.01.19.44.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Apr 2021 19:44:57 -0700 (PDT) From: Hirokazu Honda To: libcamera-devel@lists.libcamera.org Date: Fri, 2 Apr 2021 11:44:51 +0900 Message-Id: <20210402024452.1308253-1-hiroh@chromium.org> X-Mailer: git-send-email 2.31.0.208.g409f899ff0-goog MIME-Version: 1.0 Subject: [libcamera-devel] [PATCH v3 1/2] android: cameraDevice: Factorize the code of validating camera3_capture_request X-BeenThere: libcamera-devel@lists.libcamera.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libcamera-devel-bounces@lists.libcamera.org Sender: "libcamera-devel" CameraDevice::processCaptureRequest() checks the validness of a provided camera3_capture_request. This factorizes the code in order to add more validation to the request later. Signed-off-by: Hirokazu Honda Reviewed-by: Jacopo Mondi Reviewed-by: Kieran Bingham Reviewed-by: Laurent Pinchart --- src/android/camera_device.cpp | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/src/android/camera_device.cpp b/src/android/camera_device.cpp index eb327978..988c1fd5 100644 --- a/src/android/camera_device.cpp +++ b/src/android/camera_device.cpp @@ -256,6 +256,21 @@ void sortCamera3StreamConfigs(std::vector &unsortedConfigs, unsortedConfigs = sortedConfigs; } +bool isValidRequest(camera3_capture_request_t *camera3Request) +{ + if (!camera3Request) { + LOG(HAL, Error) << "No capture request provided"; + return false; + } + + if (!camera3Request->num_output_buffers) { + LOG(HAL, Error) << "No output buffers provided"; + return false; + } + + return true; +} + } /* namespace */ /* @@ -1785,15 +1800,8 @@ int CameraDevice::processControls(Camera3RequestDescriptor *descriptor) int CameraDevice::processCaptureRequest(camera3_capture_request_t *camera3Request) { - if (!camera3Request) { - LOG(HAL, Error) << "No capture request provided"; + if (isValidRequest(camera3Request)) return -EINVAL; - } - - if (!camera3Request->num_output_buffers) { - LOG(HAL, Error) << "No output buffers provided"; - return -EINVAL; - } /* Start the camera if that's the first request we handle. */ if (!running_) { From patchwork Fri Apr 2 02:44:52 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hirokazu Honda X-Patchwork-Id: 11824 Return-Path: X-Original-To: parsemail@patchwork.libcamera.org Delivered-To: parsemail@patchwork.libcamera.org Received: from lancelot.ideasonboard.com (lancelot.ideasonboard.com [92.243.16.209]) by patchwork.libcamera.org (Postfix) with ESMTPS id ECA36C0DA3 for ; Fri, 2 Apr 2021 02:45:03 +0000 (UTC) Received: from lancelot.ideasonboard.com (localhost [IPv6:::1]) by lancelot.ideasonboard.com (Postfix) with ESMTP id AD89D6878A; Fri, 2 Apr 2021 04:45:03 +0200 (CEST) Authentication-Results: lancelot.ideasonboard.com; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="Y7LnUGsb"; dkim-atps=neutral Received: from mail-pg1-x531.google.com (mail-pg1-x531.google.com [IPv6:2607:f8b0:4864:20::531]) by lancelot.ideasonboard.com (Postfix) with ESMTPS id AC10B68781 for ; Fri, 2 Apr 2021 04:45:01 +0200 (CEST) Received: by mail-pg1-x531.google.com with SMTP id j34so766648pgj.12 for ; Thu, 01 Apr 2021 19:45:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=1ztDffAkupvDY6/wmiELYvV77Eggfxt5FD5d8zGbSd4=; b=Y7LnUGsbAHOKaQUduT8nXQbQ9lXmt94CAYjzs9Kmgl6E2P0ldEVpiPYJrCELrcM7D4 mImMKs357HmbM54BKZr5cSG8taFdojRNvVOCYVLp+fdR0E/AdiE8mPSuNaD8zkNGChh6 IY0Fvq9ZKqDl1/DP2zakbW0xgtos9TP0svMck= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=1ztDffAkupvDY6/wmiELYvV77Eggfxt5FD5d8zGbSd4=; b=k2rdudVatY4eIPI4zSDbq98z+arkcG0c6fBnyPRuAvyuDYgfuWzpVrdmVfPyQltGcp 3+Rp0iB/7tQTwIZDL2WvAx5C8sjJZkHi/47bcOwNpyI0Rk/wt+3kNqpwMrOYThq5+BGN nPjIJSvMoEotwjXvWDH3sWKBnIR+sZXG/uLkv8AZpFBz2fr96g+b9TJUATPiNVIDsJ39 uEu1PvRM4Ys1PXCtNqkPQBgWsK4n6vuxgk30GYm55Lf/QihLPtbKu8/+8f5UmseYg0xV lwTMUaw42FZeJA78XLGo5k9eGmgdz8h4UPU70759VJuuaYGd2dcXQaS1p5CM54C5UssU ylRQ== X-Gm-Message-State: AOAM533wqjLF5JNhYaui9y97LcWSIODbQqE3ZfFAY71kUWkI1+p5j2mf vCLZcgAcctb51RgBRtQIYAHisUORLoUFJg== X-Google-Smtp-Source: ABdhPJzaSWFuX1uCaX37HpaFCq7j30E0klt/0Ax4cNR5RNvK8I0DOv+AP+Cw9F5z5LSHD79w90cubA== X-Received: by 2002:a63:1203:: with SMTP id h3mr10165767pgl.223.1617331499788; Thu, 01 Apr 2021 19:44:59 -0700 (PDT) Received: from hiroh2.tok.corp.google.com ([2401:fa00:8f:2:908:1da:b07c:32bc]) by smtp.gmail.com with ESMTPSA id bb16sm145361pjb.17.2021.04.01.19.44.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Apr 2021 19:44:59 -0700 (PDT) From: Hirokazu Honda To: libcamera-devel@lists.libcamera.org Date: Fri, 2 Apr 2021 11:44:52 +0900 Message-Id: <20210402024452.1308253-2-hiroh@chromium.org> X-Mailer: git-send-email 2.31.0.208.g409f899ff0-goog In-Reply-To: <20210402024452.1308253-1-hiroh@chromium.org> References: <20210402024452.1308253-1-hiroh@chromium.org> MIME-Version: 1.0 Subject: [libcamera-devel] [PATCH v3 2/2] android: CameraDevice: Add more camera3_capture_request validation X-BeenThere: libcamera-devel@lists.libcamera.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libcamera-devel-bounces@lists.libcamera.org Sender: "libcamera-devel" This adds more validation to camera3_capture_request mainly about buffer_handle values. Signed-off-by: Hirokazu Honda Reviewed-by: Laurent Pinchart --- src/android/camera_device.cpp | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/src/android/camera_device.cpp b/src/android/camera_device.cpp index 988c1fd5..8b6032fc 100644 --- a/src/android/camera_device.cpp +++ b/src/android/camera_device.cpp @@ -263,11 +263,36 @@ bool isValidRequest(camera3_capture_request_t *camera3Request) return false; } - if (!camera3Request->num_output_buffers) { + if (!camera3Request->num_output_buffers || + !camera3Request->output_buffers) { LOG(HAL, Error) << "No output buffers provided"; return false; } + for (uint32_t i = 0; i < camera3Request->num_output_buffers; i++) { + const camera3_stream_buffer_t &outputBuffer = + camera3Request->output_buffers[i]; + if (!outputBuffer.buffer || !(*outputBuffer.buffer)) { + LOG(HAL, Error) << "Invalid native handle"; + return false; + } + + const native_handle_t *handle = *outputBuffer.buffer; + constexpr int kNativeHandleMaxFds = 1024; + if (handle->numFds < 0 || handle->numFds > kNativeHandleMaxFds) { + LOG(HAL, Error) << "Invalid number of fds: " + << handle->numFds; + return false; + } + + constexpr int kNativeHandleMaxInts = 1024; + if (handle->numInts < 0 || handle->numInts > kNativeHandleMaxInts) { + LOG(HAL, Error) << "Invalid number of data: " + << handle->numInts; + return false; + } + } + return true; } @@ -1800,7 +1825,7 @@ int CameraDevice::processControls(Camera3RequestDescriptor *descriptor) int CameraDevice::processCaptureRequest(camera3_capture_request_t *camera3Request) { - if (isValidRequest(camera3Request)) + if (!isValidRequest(camera3Request)) return -EINVAL; /* Start the camera if that's the first request we handle. */