shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-05 18:41:58 +09:00
Code Issues Packages Projects Releases Wiki Activity

media: vicodec: fix memchr() kernel oops

Browse Source 
commit cb3b2ffb75 upstream.

The size passed to memchr is too large as it assumes the search
starts at the start of the buffer, but it can start at an offset.

Cc: <stable@vger.kernel.org>      # for v4.19 and up
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Hans Verkuil
2018-11-17 06:25:08 -05:00
committed by Greg Kroah-Hartman
parent c4dabf3708
commit 663bfc44d1
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
drivers/media/platform/vicodec/vicodec-core.c
View File

@@ -438,7 +438,8 @@ restart:
for (; p < p_out + sz; p++) {
u32 copy;
p = memchr(p, magic[ctx->comp_magic_cnt], sz);
p = memchr(p, magic[ctx->comp_magic_cnt],
p_out + sz - p);
if (!p) {
ctx->comp_magic_cnt = 0;
break;