Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp812955imu;
        Tue, 11 Dec 2018 07:59:53 -0800 (PST)
X-Google-Smtp-Source: AFSGD/Wffk/T8ukqQF4BGBz6uTvAsu3piVgGKdwTbCvdo3IYx/+M75k7cBaHwmJYxJCsID9og/TT
X-Received: by 2002:a63:c846:: with SMTP id l6mr14971586pgi.78.1544543993882;
        Tue, 11 Dec 2018 07:59:53 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1544543993; cv=none;
        d=google.com; s=arc-20160816;
        b=RrXIJYdExG5U+94bjBssrx/wEnJgcOL4bf0ZrtvMV9XCGb5pZc3y2U6tCjAWeuR0Xq
         NJalMK7TO/TpR2Cbh9G8HWilPXIUqO1vs0crXLaAKDoqpNZmUIliq30EN8Ee652OMsHx
         APdAJ5f37Io5oFA50vbueCv8VTzmZnQahnImccreu7BpXJIwjsfVwLeJcIUQK6kt43Qi
         L8I6O6ZmPOzsdUeM3aRtqclcSwnalHqO4EN5wmr+VSpbTPNqNR5EIJewhHzHt/RTpC3p
         tEuVpt0a9Vzo2DboAqA7NswMksKkyCK0ow3eslHK+WhWNAOwBdoS3LnJYpdrHRGzLvdt
         0sng==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=ADwV1mfVDOkFfxhy/rGFF3LuXocdExzJBLZ3i225EFY=;
        b=mXXcnOpSdV6PwUs3BH8LSqC3xMrMFjDyA8wouLt6OGfy23ID2M6arGU+xkuOyLYo1B
         Jo4ER5VHQwW3sVCFrGg69NRBj0t25gN/GmBqnyC7tuXEY8rZldSrNsmcL55wudvXNw65
         ndTQwb7HpBN6k10IUbS9+a2V68aBkxY3NFsbjB/TbdcCMglXRGSsaDIII9AIbr5wzio8
         T/1Cpbq3Lex/MGKvKWZvZHbeisSu5AJXGc8pmo/fySklzAjxxwqva/+ADWjq8uOzXXPP
         /x5/xCu+XqHfVBE8zgsV0l+V6Iqba4xzHPHVlFZ+snVgVG572NicHEM7E2yE/IWlRDhq
         w77A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=ypLUNKHq;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id t11si12183486plo.293.2018.12.11.07.59.39;
        Tue, 11 Dec 2018 07:59:53 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=ypLUNKHq;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1730689AbeLKP4z (ORCPT <rfc822;ivid.suvarna@gmail.com>
        + 99 others); Tue, 11 Dec 2018 10:56:55 -0500
Received: from mail.kernel.org ([198.145.29.99]:45694 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1730680AbeLKP4w (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 11 Dec 2018 10:56:52 -0500
Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 067AF2146F;
        Tue, 11 Dec 2018 15:56:50 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1544543811;
        bh=DqizkAmhfvGS6CyZp3zp3BHnm6KSWhpOOg+YnQAUdJs=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=ypLUNKHqMyIfc3ZJ7A/63JEBHCXi9b9rvJgWoL9lLjNoSLzkLQLP9U9SZz0RdARvn
         Tcsf8unY/P3/X9AQ9ZJ75OXOAE4PDLLw95cujc3Y2rtRUZNl7lpLT6nELv+6C7AcP8
         v5dTpfzt5e/GKYuQEAmGm+HfJLPu9lYxKMuAPuJw=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Hans Verkuil <hverkuil@xs4all.nl>,
        Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Subject: [PATCH 4.19 072/118] media: vicodec: fix memchr() kernel oops
Date:   Tue, 11 Dec 2018 16:41:31 +0100
Message-Id: <20181211151647.157643508@linuxfoundation.org>
X-Mailer: git-send-email 2.20.0
In-Reply-To: <20181211151644.216668863@linuxfoundation.org>
References: <20181211151644.216668863@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
X-Patchwork-Hint: ignore
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hans Verkuil <hverkuil@xs4all.nl>

commit cb3b2ffb757e75fef40fb94bc093cbbf49a6bf6e upstream.

The size passed to memchr is too large as it assumes the search
starts at the start of the buffer, but it can start at an offset.

Cc: <stable@vger.kernel.org>      # for v4.19 and up
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/platform/vicodec/vicodec-core.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/media/platform/vicodec/vicodec-core.c
+++ b/drivers/media/platform/vicodec/vicodec-core.c
@@ -438,7 +438,8 @@ restart:
 		for (; p < p_out + sz; p++) {
 			u32 copy;
 
-			p = memchr(p, magic[ctx->comp_magic_cnt], sz);
+			p = memchr(p, magic[ctx->comp_magic_cnt],
+				   p_out + sz - p);
 			if (!p) {
 				ctx->comp_magic_cnt = 0;
 				break;