[PATCH v2 0/4] Venus driver fixes to avoid possible OOB accesses

Vikash Garodia posted 4 patches 1 year, 3 months ago
v1 -> v2:
- Address the comment to reduce size of queue pointer from queue size
- Consider the data size during memcpy to avoid OOB write
- Use hweight_long() to count the set bits representing the supported codecs

v1: https://lore.kernel.org/all/1690432469-14803-1-git-send-email-quic_vgarodia@quicinc.com/

This series primarily adds checks at relevant places in the venus driver where there are possible OOB
accesses due to unexpected payload from venus firmware. The patches describe the specific OOB
possibility.

Please review and share your feedback.

Vikash Garodia (4):
  venus: hfi: add checks to perform sanity on queue pointers
  venus: hfi: fix the check to handle session buffer requirement
  venus: hfi: add checks to handle capabilities from firmware
  venus: hfi_parser: Add check to keep the number of codecs within range

 drivers/media/platform/qcom/venus/hfi_msgs.c   |  2 +-
 drivers/media/platform/qcom/venus/hfi_parser.c | 15 +++++++++++++++
 drivers/media/platform/qcom/venus/hfi_venus.c  | 10 ++++++++++
 3 files changed, 26 insertions(+), 1 deletion(-)

-- 
2.7.4