Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e5133a0b authored Feb 20, 2025 by Vikash Garodia Committed by Greg Kroah-Hartman May 02, 2025

media: venus: hfi_parser: add check to avoid out of bound access



commit 172bf5a9ef70a399bb227809db78442dc01d9e48 upstream.

There is a possibility that init_codecs is invoked multiple times during
manipulated payload from video firmware. In such case, if codecs_count
can get incremented to value more than MAX_CODEC_NUM, there can be OOB
access. Reset the count so that it always starts from beginning.

Cc: stable@vger.kernel.org
Fixes: 1a73374a ("media: venus: hfi_parser: add common capability parser")
Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Vikash Garodia <quic_vgarodia@quicinc.com>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 43975121

Show whitespace changes

Inline Side-by-side

Sahil Sonar 💬 @sahilsonar
mentioned in commit a095a274
· Aug 02, 2025

mentioned in commit a095a274

mentioned in commit a095a2749dd50541f58e8a1caae1b599ec119469

Toggle commit list
Sahil Sonar 💬 @sahilsonar
mentioned in commit a095a274
· Aug 02, 2025

mentioned in commit a095a274

mentioned in commit a095a2749dd50541f58e8a1caae1b599ec119469

Toggle commit list

Please register or to comment