Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp4330779yba; Tue, 7 May 2019 16:34:34 -0700 (PDT) X-Google-Smtp-Source: APXvYqyfoAKySdWnWfpwa9VPwXRkZN0RhC7OV4vMNd/I/j7nBP+06jVrpF4gEw5xI14+SAx3RtfE X-Received: by 2002:a63:9d8d:: with SMTP id i135mr26400990pgd.245.1557272074767; Tue, 07 May 2019 16:34:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557272074; cv=none; d=google.com; s=arc-20160816; b=n0X6dwC0DycpwUo49lwtCDgbUxrcTqZbwYFIOqZDGN4Bfj8OdlbVarmn2X6Q6rEDR3 lAXS+2UNpGfApOP4Y9Uf/8NdEg1Q9px8lgM0SVXsgHi8f2iOfVsbiKVUrLY/1bOOvNuk cdgxmlInPx+La3o7mhn3FwY028qcyG/UDr6WmOWvgkaknHyAeW4D7lOhf0L2dQvJonpk HoErhMQxLYuNTWjnA+BNHGNAe2CCbMN4dBITtgR9q8C2kxHvXXXkjyJ2dtspHkdm6PJt GNumjPnxZc02yAu/Ba6OgWAvpjGAcAPF3U1QcuDk0GqpNqcHgxzgr0sO7CRaQyID4E3E 7WlA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=55v5Dsg1z0oHxHaQ+vXevXFSFPW/zo73YqWBOxq3l78=; b=aHtlQgI6KENlTjXEpKrWw92CEYxpMHq9BjSjCmTVgAnL955n5EfKoXZLRnIcOxrVaB Ryzqc4S4zjillmvfJ1M8P9kwMzlW+Sz2d5MgN3lK2P1G//Ft0+igLsrxOQHHyHCWzgeU bH1Qr9QuNDjuNW9cqXl6/Rk++gpKEigsCEljFcARgZ2aJAEcMVMJPK8QwjflpWM0V/tG 4KHzyVGNFnT/LSxDOc7IyWuwZiT2sgdoHYM2VMRwIGHsF9UX4Gs/nCADoBBuAqgWDokk EwoST1sUsEfjJGWxMKz6GgzRBS3MAsrYP1Nh2IxfBkHcXx4qsPRWNvLJmTjBANKRKPb7 Ez3w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=jYWT+sb+; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r59si19433104plb.303.2019.05.07.16.34.19; Tue, 07 May 2019 16:34:34 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=jYWT+sb+; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726568AbfEGXdZ (ORCPT + 99 others); Tue, 7 May 2019 19:33:25 -0400 Received: from mail-lf1-f67.google.com ([209.85.167.67]:40741 "EHLO mail-lf1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726091AbfEGXdZ (ORCPT ); Tue, 7 May 2019 19:33:25 -0400 Received: by mail-lf1-f67.google.com with SMTP id o16so13099386lfl.7; Tue, 07 May 2019 16:33:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=55v5Dsg1z0oHxHaQ+vXevXFSFPW/zo73YqWBOxq3l78=; b=jYWT+sb+suhqZhqZZ/qEXlVbnN4ssONo8jjnS0+LtXa3jmxZnMQ2vcY2F9qMjJhYOX UOzhG5gO0l4qa8RaJeNgkzBjsRfo3IehKdAF70XwArrUFm5LaP0pF78UbaIgNAlY292A ghD8a0U7HRhwIll9W6a2mlVpYeB9Zb9ih6wDowbYGNTdFipz56p6rg7GYsKeM9LJQbjp 8EW9ywb/520t3Q4W8aX+GIwcncNmnBKdDkqtJEouEyYDS4Aa6Riuvwt1IHG/VTfVqr36 cwW9oRtK2sv30xq0pmLYgqM63hBoFYZZTQWAIoiEiXphAR2rQC50z4sQZDv6rCKNMSt9 UXKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=55v5Dsg1z0oHxHaQ+vXevXFSFPW/zo73YqWBOxq3l78=; b=aFG0s/iUa/Hp+CFolQnMmr5uLYuOifGMCXg/EzwhRQZYuT+a70hoMw5q1JnBWgF7cZ SOYHfrswnd+j5MjWnDCymRmIkE0Z0b6tqB7Otvh9tthwe6115pBD1ZT+Xr6gNbMbqvss d2mIHumiZj3phHdgWszrWh8OlSQ2Y0jGTmdH8PTdFGddDtjaBqNtFpaUBnOt+0CcEoix ogEA3hYxnTzZ5EzGOTKONQTB/vw0Ai7SZjJkAp+36o49Wk4wGLUfbkxaCXK9hRAaxxx0 eHs1YpHR6Ox5hoBOSPIRRkzhu+RwDxhj3qjVY11/J4I8GPuA9oO/rKx3sadutEWXB/4A eXRg== X-Gm-Message-State: APjAAAXLsbq3T1XD5L9biy8pAJmp2tGEkuewzzQfhF2B9C9mC3dadBSU bJtA+Cc6p+gVF8eKuLYRv9mPjPC97cYccw== X-Received: by 2002:ac2:4186:: with SMTP id z6mr5674055lfh.50.1557272003068; Tue, 07 May 2019 16:33:23 -0700 (PDT) Received: from z50.localnet (109241207190.gdansk.vectranet.pl. [109.241.207.190]) by smtp.gmail.com with ESMTPSA id d80sm4433139lfd.90.2019.05.07.16.33.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 07 May 2019 16:33:22 -0700 (PDT) From: Janusz Krzysztofik To: Sakari Ailus Cc: Mauro Carvalho Chehab , Sakari Ailus , Hans Verkuil , linux-media@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org, Janusz Krzysztofik Subject: Re: [PATCH 03/14] media: ov6650: Fix unverified arguments used in .set_fmt() Date: Wed, 08 May 2019 01:33:19 +0200 Message-ID: <2020766.LXvJ9naVtX@z50> In-Reply-To: <20190430135809.5mgf4govbqj3cxph@valkosipuli.retiisi.org.uk> References: <20190408214242.9603-1-jmkrzyszt@gmail.com> <20190408214242.9603-4-jmkrzyszt@gmail.com> <20190430135809.5mgf4govbqj3cxph@valkosipuli.retiisi.org.uk> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Sakari, Sorry for late answer, I've just found your message in Gmail spam folder. On Tuesday, April 30, 2019 3:58:09 PM CEST Sakari Ailus wrote: > Hi Janusz, > > On Mon, Apr 08, 2019 at 11:42:31PM +0200, Janusz Krzysztofik wrote: > > Commit 717fd5b4907ad ("[media] v4l2: replace try_mbus_fmt by set_fmt") > > converted a former ov6650_try_fmt() video operation callback to an > > ov6650_set_fmt() pad operation callback. However, the function does not > > verify correctness of user provided format->which flag and pad config > > pointer arguments. Fix it. > > > > Fixes: 717fd5b4907ad ("[media] v4l2: replace try_mbus_fmt by set_fmt") > > Signed-off-by: Janusz Krzysztofik > > Cc: stable@vger.kernel.org > > --- > > drivers/media/i2c/ov6650.c | 11 +++++++++++ > > 1 file changed, 11 insertions(+) > > > > diff --git a/drivers/media/i2c/ov6650.c b/drivers/media/i2c/ov6650.c > > index 007f0ca24913..3062c9a6c57b 100644 > > --- a/drivers/media/i2c/ov6650.c > > +++ b/drivers/media/i2c/ov6650.c > > @@ -679,6 +679,17 @@ static int ov6650_set_fmt(struct v4l2_subdev *sd, > > if (format->pad) > > return -EINVAL; > > > > + switch (format->which) { > > + case V4L2_SUBDEV_FORMAT_ACTIVE: > > + break; > > + case V4L2_SUBDEV_FORMAT_TRY: > > + if (cfg) > > + break; > > + /* fall through */ > > + default: > > + return -EINVAL; > > + } > > For this to return an error, there would need to be a problem on the > caller's side. In other words, this isn't supposed to happen. How about raising a bug if that happens nevertheless? @@ -677,10 +677,20 @@ static int ov6650_set_fmt(struct v4l2_subdev *sd, struct ov6650 *priv = to_ov6650(client); if (format->pad) return -EINVAL; + switch (format->which) { + case V4L2_SUBDEV_FORMAT_TRY: + BUG_ON(!cfg); + /* fall through */ + case V4L2_SUBDEV_FORMAT_ACTIVE: + break; + default: + BUG(); + } + if (is_unscaled_ok(mf->width, mf->height, &priv->rect)) v4l_bound_align_image(&mf->width, 2, W_CIF, 1, &mf->height, 2, H_CIF, 1, 0); mf->field = V4L2_FIELD_NONE; Thanks, Janusz > > Instead of adding such checks to all drivers, I think they instead should > be added to the caller's side. The checks already exist for uAPI, but not > for other drivers. > > The same applies to patches until 7th (including). > > > + > > if (is_unscaled_ok(mf->width, mf->height, &priv->rect)) > > v4l_bound_align_image(&mf->width, 2, W_CIF, 1, > > &mf->height, 2, H_CIF, 1, 0); > >