[libcamera-devel] [PATCH 02/15] v4l2: v4l2_camera_proxy: Check for null arg values in ioctl handlers
Paul Elder
paul.elder at ideasonboard.com
Tue Jun 16 15:12:31 CEST 2020
The ioctl handlers currently don't check if arg is null, so if it ever
is, it will cause a segfault. Check that arg is null and return -EFAULT
in all vidioc ioctl handlers.
Signed-off-by: Paul Elder <paul.elder at ideasonboard.com>
---
src/v4l2/v4l2_camera_proxy.cpp | 33 +++++++++++++++++++++++++++++++--
1 file changed, 31 insertions(+), 2 deletions(-)
diff --git a/src/v4l2/v4l2_camera_proxy.cpp b/src/v4l2/v4l2_camera_proxy.cpp
index 594dd13..5b74b53 100644
--- a/src/v4l2/v4l2_camera_proxy.cpp
+++ b/src/v4l2/v4l2_camera_proxy.cpp
@@ -238,6 +238,9 @@ int V4L2CameraProxy::vidioc_querycap(struct v4l2_capability *arg)
{
LOG(V4L2Compat, Debug) << "Servicing vidioc_querycap";
+ if (arg == nullptr)
+ return -EFAULT;
+
*arg = capabilities_;
return 0;
@@ -247,6 +250,8 @@ int V4L2CameraProxy::vidioc_enum_fmt(int fd, struct v4l2_fmtdesc *arg)
{
LOG(V4L2Compat, Debug) << "Servicing vidioc_enum_fmt fd = " << fd;
+ if (arg == nullptr)
+ return -EFAULT;
if (!validateBufferType(arg->type) ||
arg->index >= streamConfig_.formats().pixelformats().size())
@@ -264,6 +269,8 @@ int V4L2CameraProxy::vidioc_g_fmt(int fd, struct v4l2_format *arg)
{
LOG(V4L2Compat, Debug) << "Servicing vidioc_g_fmt fd = " << fd;
+ if (arg == nullptr)
+ return -EFAULT;
if (!validateBufferType(arg->type))
return -EINVAL;
@@ -303,6 +310,9 @@ int V4L2CameraProxy::vidioc_s_fmt(int fd, struct v4l2_format *arg)
{
LOG(V4L2Compat, Debug) << "Servicing vidioc_s_fmt fd = " << fd;
+ if (arg == nullptr)
+ return -EFAULT;
+
int ret = lock(fd);
if (ret < 0)
return ret;
@@ -334,6 +344,9 @@ int V4L2CameraProxy::vidioc_try_fmt(int fd, struct v4l2_format *arg)
{
LOG(V4L2Compat, Debug) << "Servicing vidioc_try_fmt fd = " << fd;
+ if (arg == nullptr)
+ return -EFAULT;
+
if (!validateBufferType(arg->type))
return -EINVAL;
@@ -361,6 +374,8 @@ int V4L2CameraProxy::vidioc_reqbufs(int fd, struct v4l2_requestbuffers *arg)
{
LOG(V4L2Compat, Debug) << "Servicing vidioc_reqbufs fd = " << fd;
+ if (arg == nullptr)
+ return -EFAULT;
int ret = lock(fd);
if (ret < 0)
@@ -444,6 +459,9 @@ int V4L2CameraProxy::vidioc_querybuf(int fd, struct v4l2_buffer *arg)
{
LOG(V4L2Compat, Debug) << "Servicing vidioc_querybuf fd = " << fd;
+ if (arg == nullptr)
+ return -EFAULT;
+
int ret = lock(fd);
if (ret < 0)
return ret;
@@ -461,8 +479,10 @@ int V4L2CameraProxy::vidioc_querybuf(int fd, struct v4l2_buffer *arg)
int V4L2CameraProxy::vidioc_qbuf(int fd, struct v4l2_buffer *arg)
{
- LOG(V4L2Compat, Debug) << "Servicing vidioc_qbuf, index = "
- << arg->index << " fd = " << fd;
+ LOG(V4L2Compat, Debug) << "Servicing vidioc_qbuf fd = " << fd;
+
+ if (arg == nullptr)
+ return -EFAULT;
int ret = lock(fd);
if (ret < 0)
@@ -487,6 +507,9 @@ int V4L2CameraProxy::vidioc_dqbuf(int fd, struct v4l2_buffer *arg)
{
LOG(V4L2Compat, Debug) << "Servicing vidioc_dqbuf fd = " << fd;
+ if (arg == nullptr)
+ return -EFAULT;
+
int ret = lock(fd);
if (ret < 0)
return ret;
@@ -522,6 +545,9 @@ int V4L2CameraProxy::vidioc_streamon(int fd, int *arg)
{
LOG(V4L2Compat, Debug) << "Servicing vidioc_streamon fd = " << fd;
+ if (arg == nullptr)
+ return -EFAULT;
+
int ret = lock(fd);
if (ret < 0)
return ret;
@@ -538,6 +564,9 @@ int V4L2CameraProxy::vidioc_streamoff(int fd, int *arg)
{
LOG(V4L2Compat, Debug) << "Servicing vidioc_streamoff fd = " << fd;
+ if (arg == nullptr)
+ return -EFAULT;
+
int ret = lock(fd);
if (ret < 0)
return ret;
--
2.27.0
More information about the libcamera-devel
mailing list