FROMGIT: media: venus: hfi: add a check to handle OOB in sfr region
commit <b52b1d43303eed370c9c94fc6c54eaedfe2b87c9> (<"media: venus: hfi: add a check to handle OOB in sfr region">) sfr->buf_size is in shared memory and can be modified by malicious user. OOB write is possible when the size is made higher than actual SFR data buffer. Cap the size to allocated size for such cases. Cc: stable@vger.kernel.org Fixes: d96d3f30 ("[media] media: venus: hfi: add Venus HFI files") Reviewed-by:Bryan O'Donoghue <bryan.odonoghue@linaro.org> CRs-Fixed: 3947576 Change-Id: I483a5feff3dfa35dae8f444e57601d2d1d85246f Git-repo: https://gitlab.freedesktop.org/linux-media/media-committers.git Signed-off-by:
Vikash Garodia <quic_vgarodia@quicinc.com> Signed-off-by:
Vasantha Balla <quic_c_vballa@quicinc.com>
Loading
Please sign in to comment