Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp5047081rwl; Mon, 10 Apr 2023 22:56:27 -0700 (PDT) X-Google-Smtp-Source: AKy350ZnDIKtRcx8up3Zm60D5NpGDQNTQojVYQYtxj3VMpUGtQl9mwiYJmy1XyUp6YQbMjW/MmxU X-Received: by 2002:a17:906:eea:b0:8b1:7de3:cfaa with SMTP id x10-20020a1709060eea00b008b17de3cfaamr9542002eji.3.1681192587230; Mon, 10 Apr 2023 22:56:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1681192587; cv=none; d=google.com; s=arc-20160816; b=iS476RGC6OvSEY+vJW/Mmns+HU4/JjBGnxVnN8ixWUqAPjvB1cW03MJwVB2sD588JY oq9l++uNqwrGbdj3kbkHLM36WJq2ihHIAHgRL5BQydJOevyrqf/K4KrRTRhglXFudJuy Pcfz9ev2XOQSpPhf4AmCa9Kn5lMQun0epXxmK6vWl5AG2BveD4xy8suvEz/JFEHzRgiY ewljBymXMP10cvT1jQcX2mM6qWJp10yTMFoMKS/zcYYmShQtJ/17irbAg0azEQdM34vZ RH6j1MvidaG+KLdqi5rrT2M/bnRqgRjr8AP7logIR+C8e4VNhfAv74bpN6aeFubI3qd4 +vWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=hlzUNXvIMOQc13xK9X1uYOOly8rXvrRJ86fD7YnDQ/U=; b=vvlMyN/KBCwV7m+YJ9cN7CmV3dtSeH6PxWrB7bUTlvU9+8ZrZGhHi0LaCbgUYyZiLC Ke41Abk+q30+Sqr1QXtwtLTyNwRfUT7BhddXeQLKnhvK35+/Tj8BFG0AFWKSPDDxkjQ+ PPSUMJxY8VevJUgdp9P3L16rN+PXvG3azN7Z79ehlV9uVti44bRrs0DVNVQ21I4zlIeV 1DG+IPNGsEow4Ybq/9XO/u6ePUDiIBAeKG+E+f3na/slGZk8IRS1v/6LKnQz4RjrE9ND ZFmjSRHJJ9KYzrIKicQ6fjLI3g+mK5V8AzD7dklmwqJfg7Gjmcp0EI1EB0yQs6NvmOFA NaEA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@mediatek.com header.s=dk header.b=Sg1Bfe8z; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mediatek.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id he8-20020a1709073d8800b0094a59d17e91si2992061ejc.863.2023.04.10.22.56.02; Mon, 10 Apr 2023 22:56:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@mediatek.com header.s=dk header.b=Sg1Bfe8z; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mediatek.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229873AbjDKFyb (ORCPT + 99 others); Tue, 11 Apr 2023 01:54:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38064 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229640AbjDKFya (ORCPT ); Tue, 11 Apr 2023 01:54:30 -0400 Received: from mailgw02.mediatek.com (unknown [210.61.82.184]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E621CE6A; Mon, 10 Apr 2023 22:54:22 -0700 (PDT) X-UUID: 4bdcb97ed82d11edb6b9f13eb10bd0fe-20230411 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mediatek.com; s=dk; h=Content-Type:Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:CC:To:From; bh=hlzUNXvIMOQc13xK9X1uYOOly8rXvrRJ86fD7YnDQ/U=; b=Sg1Bfe8zvipETD43TMa8G9cAc0DlLJyY3dihZkmO8efWTESUiqQCDYD36MIZ9XhyZD6I+kK16feJpBIHHRlpYkueSJRl6BR0L5zzSNrn1MtaFJQLd3BNewIMNRbcUb+8u4IZMPvN70nBMxmlBTg6Yp4QrUzkGIXA5Ijuu2uMZzI=; X-CID-P-RULE: Release_Ham X-CID-O-INFO: VERSION:1.1.22,REQID:37fdfbfb-d691-4357-9921-2041b2a9c00f,IP:0,U RL:0,TC:0,Content:-5,EDM:0,RT:0,SF:0,FILE:0,BULK:0,RULE:Release_Ham,ACTION :release,TS:-5 X-CID-META: VersionHash:120426c,CLOUDID:fe30a683-cd9c-45f5-8134-710979e3df0e,B ulkID:nil,BulkQuantity:0,Recheck:0,SF:102,TC:nil,Content:0,EDM:-3,IP:nil,U RL:11|1,File:nil,Bulk:nil,QS:nil,BEC:nil,COL:0,OSI:0,OSA:0,AV:0 X-CID-BVR: 0,NGT X-CID-BAS: 0,NGT,0,_ X-UUID: 4bdcb97ed82d11edb6b9f13eb10bd0fe-20230411 Received: from mtkmbs11n1.mediatek.inc [(172.21.101.185)] by mailgw02.mediatek.com (envelope-from ) (Generic MTA with TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256/256) with ESMTP id 120522778; Tue, 11 Apr 2023 13:54:17 +0800 Received: from mtkmbs13n2.mediatek.inc (172.21.101.108) by mtkmbs11n2.mediatek.inc (172.21.101.187) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.25; Tue, 11 Apr 2023 13:54:16 +0800 Received: from mhfsdcap04.gcn.mediatek.inc (10.17.3.154) by mtkmbs13n2.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.2.1118.25 via Frontend Transport; Tue, 11 Apr 2023 13:54:15 +0800 From: Irui Wang To: Hans Verkuil , Mauro Carvalho Chehab , Matthias Brugger CC: , , , , , , Yunfei Dong , Irui Wang Subject: [PATCH v2, 1/2] media: mediatek: vcodec: make sure array index is in valid range Date: Tue, 11 Apr 2023 13:54:12 +0800 Message-ID: <20230411055413.539-2-irui.wang@mediatek.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230411055413.539-1-irui.wang@mediatek.com> References: <20230411055413.539-1-irui.wang@mediatek.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-MTK: N X-Spam-Status: No, score=0.2 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, MAY_BE_FORGED,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,T_SPF_TEMPERROR, UNPARSEABLE_RELAY autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org CERT-C Characters and Strings: dev->reg_base[dev->venc_pdata->core_id] evaluates to an address that could be at negative offset of an array, check core id is in valid range. Signed-off-by: Irui Wang --- .../mediatek/vcodec/mtk_vcodec_enc_drv.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc_drv.c b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc_drv.c index 9095186d5495..125d5722d07b 100644 --- a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc_drv.c +++ b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc_drv.c @@ -89,16 +89,24 @@ static irqreturn_t mtk_vcodec_enc_irq_handler(int irq, void *priv) struct mtk_vcodec_ctx *ctx; unsigned long flags; void __iomem *addr; + int core_id; spin_lock_irqsave(&dev->irqlock, flags); ctx = dev->curr_ctx; spin_unlock_irqrestore(&dev->irqlock, flags); - mtk_v4l2_debug(1, "id=%d coreid:%d", ctx->id, dev->venc_pdata->core_id); - addr = dev->reg_base[dev->venc_pdata->core_id] + - MTK_VENC_IRQ_ACK_OFFSET; + core_id = dev->venc_pdata->core_id; + if (core_id < 0 || core_id >= NUM_MAX_VCODEC_REG_BASE) { + mtk_v4l2_err("Invalid core id: %d, ctx id: %d", + core_id, ctx->id); + return IRQ_HANDLED; + } + + mtk_v4l2_debug(1, "id: %d, core id: %d", ctx->id, core_id); + + addr = dev->reg_base[core_id] + MTK_VENC_IRQ_ACK_OFFSET; - ctx->irq_status = readl(dev->reg_base[dev->venc_pdata->core_id] + + ctx->irq_status = readl(dev->reg_base[core_id] + (MTK_VENC_IRQ_STATUS_OFFSET)); clean_irq_status(ctx->irq_status, addr); -- 2.18.0