linux/drivers/media/v4l2-core
Arnd Bergmann 1dc8b65c94 media: v4l2-core: only zero-out ioctl-read buffers
The memset() got moved out of the check for _IOC_NONE, so passing a
made-up command number with a size but no direction would allow clearing
data on user-provided pointers.

Move video_get_user() back into the _IOC_NONE check where it belongs.

Reported-by: syzbot+54fd8cca4b7226c94b8e@syzkaller.appspotmail.com
Fixes: 6c625c01c7a6 ("media: v4l2-core: split out data copy from video_usercopy")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
2020-01-08 13:27:58 +01:00
Kconfig media: v4l2-core: move i2c helpers out of v4l2-common.c 2019-08-26 10:50:48 -03:00
Makefile media: v4l2-core: move i2c helpers out of v4l2-common.c 2019-08-26 10:50:48 -03:00
tuner-core.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
v4l2-async.c media: v4l2-async: Safely clean up an uninitialised notifier 2019-07-25 11:00:06 -04:00
v4l2-clk.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
v4l2-common.c media: v4l2-common: add RGB565 and RGB55 to v4l2_format_info 2019-10-10 13:53:41 -03:00
v4l2-compat-ioctl32.c media: v4l2-core: fix compat v4l2_buffer handling for time64 ABI 2020-01-03 15:53:46 +01:00
v4l2-ctrls.c media: v4l2-ctrl: Lock main_hdl on operations of requests_queued. 2019-11-10 07:29:10 +01:00
v4l2-dev.c media: v4l2-dev: disable frequency and tuner ioctls for touch 2019-10-24 11:43:33 -03:00
v4l2-device.c media: v4l2-core: introduce a helper to unregister a i2c subdev 2019-08-26 10:52:06 -03:00
v4l2-dv-timings.c media: v4l2-dv-timings: Use DIV_ROUND_CLOSEST directly to make it readable 2019-11-05 08:49:22 -03:00
v4l2-event.c media: v4l2-core: fix VIDIOC_DQEVENT for time64 ABI 2020-01-03 15:47:57 +01:00
v4l2-fh.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
v4l2-flash-led-class.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
v4l2-fwnode.c media: v4l: fwnode: Make v4l2_fwnode_endpoint_free() safer 2019-10-01 17:32:55 -03:00
v4l2-i2c.c v4l2-core: fix coding style for the two new c files 2019-08-26 11:01:25 -03:00
v4l2-ioctl.c media: v4l2-core: only zero-out ioctl-read buffers 2020-01-08 13:27:58 +01:00
v4l2-mc.c media: v4l2-mc: add print messages when media graph fails 2018-09-17 13:16:19 -04:00
v4l2-mem2mem.c media: v4l2-mem2mem: Fix hold buf flag checks 2019-11-09 09:07:34 +01:00
v4l2-spi.c v4l2-core: fix coding style for the two new c files 2019-08-26 11:01:25 -03:00
v4l2-subdev.c media: v4l2-core: fix VIDIOC_DQEVENT for time64 ABI 2020-01-03 15:47:57 +01:00
v4l2-trace.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
videobuf-core.c media: v4l2: abstract timeval handling in v4l2_buffer 2020-01-03 15:43:35 +01:00
videobuf-dma-contig.c media/v4l2-core: untag user pointers in videobuf_dma_contig_user_get 2019-09-25 17:51:41 -07:00
videobuf-dma-sg.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 237 2019-06-19 17:09:07 +02:00
videobuf-vmalloc.c media updates for v5.3-rc1 2019-07-09 09:47:22 -07:00