hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

media: vicodec: fix memchr() kernel oops 

The size passed to memchr is too large as it assumes the search
starts at the start of the buffer, but it can start at an offset.

Cc: <stable@vger.kernel.org>      # for v4.19 and up
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
This commit is contained in:
Hans Verkuil 2018-11-17 06:25:08 -05:00 committed by Mauro Carvalho Chehab
parent 0408b205f1
commit cb3b2ffb75
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
drivers/media/platform/vicodec/vicodec-core.c
View File

@ -304,7 +304,8 @@ restart:
for (; p < p_out + sz; p++) {
u32 copy;
p = memchr(p, magic[ctx->comp_magic_cnt], sz);
p = memchr(p, magic[ctx->comp_magic_cnt],
p_out + sz - p);
if (!p) {
ctx->comp_magic_cnt = 0;
break;