media: venus: hfi_parser: add check to avoid out of bound access
commit 172bf5a9ef70a399bb227809db78442dc01d9e48 upstream. There is a possibility that init_codecs is invoked multiple times during manipulated payload from video firmware. In such case, if codecs_count can get incremented to value more than MAX_CODEC_NUM, there can be OOB access. Reset the count so that it always starts from beginning. Cc: stable@vger.kernel.org Fixes: 1a73374a ("media: venus: hfi_parser: add common capability parser") Reviewed-by:Bryan O'Donoghue <bryan.odonoghue@linaro.org> Signed-off-by:
Vikash Garodia <quic_vgarodia@quicinc.com> Signed-off-by:
Hans Verkuil <hverkuil@xs4all.nl> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Loading