From: Ricardo Ribalda
Date: Wed, 26 Jul 2023 10:38:40 +0200
Subject: Re: [PATCH v2] media: uvcvideo: Fix OOB read
To: Thorsten Leemhuis
Cc: Laurent Pinchart, Mauro Carvalho Chehab, linux-media@vger.kernel.org, linux-kernel@vger.kernel.org, Sergey Senozhatsky, stable@kernel.org, Zubin Mithra, Kai Wasserbäch

Hi Thorsten

On Wed, 26 Jul 2023 at 10:33, Thorsten Leemhuis wrote:
>
> On 26.07.23 10:07, Laurent Pinchart wrote:
> > (CC'ing Kai and Thorsten who have added the check to checkpatch)
> >
> > On Wed, Jul 26, 2023 at 08:24:50AM +0200, Ricardo Ribalda wrote:
> >> On Tue, 25 Jul 2023 at 23:34, Laurent Pinchart wrote:
> >>> On Thu, Jul 20, 2023 at 05:46:54PM +0000, Ricardo Ribalda wrote:
> >>>> If the index provided by the user is bigger than the mask size, we might do an
> >>>> out of bound read.
> >>>>
> >>>> CC: stable@kernel.org
> >>>> Fixes: 40140eda661e ("media: uvcvideo: Implement mask for V4L2_CTRL_TYPE_MENU")
> >>>> Reported-by: Zubin Mithra
> >>>
> >>> checkpatch now requests a Reported-by tag to be immediately followed by
> >>> a Closes
>
> Not that it matters, the changes I performed only required a Link: tag,
> which is how things should have been done for many years already. It
> later became Closes: due to patches from Matthieu. But whatever. :-D
>

I prefer to leave the Reported-by and remove the Closes, that way we
credit the reporter (assuming they approved to be referred). But if
that is not possible, just remove the reported-by. A private link is
pretty much noise on the tree.

Thanks!

> >>> tag that contains the URL to the report. Could you please
> >>> provide that ?
> >> I saw that, but the URL is kind of private:
> >> Closes: http://issuetracker.google.com/issues/289975230
> > Ah :-S I wonder if we should drop the Reported-by tag then ?
>
> That's what I do, unless the reporter granted his permission. To quote
> Documentation/process/5.Posting.rst : ```Be careful in the addition of
> tags to your patches, as only Cc: is appropriate for addition without
> the explicit permission of the person named; using Reported-by: is fine
> most of the time as well, but ask for permission if the bug was reported
> in private.```
>
> I heard of one instance where a GDPR complaint was filed due to a
> Reported-by: tag. So maybe that part should be even revisited reg. the
> Cc: aspect. :-/
>
> Ciao, Thorsten

-- 
Ricardo Ribalda