[libcamera-devel] [PATCH v4 2/2] android: CameraDevice: Add more camera3_capture_request validation
Hirokazu Honda
hiroh at chromium.org
Sat Apr 3 15:37:41 CEST 2021
This adds more validation to camera3_capture_request mainly
about buffer_handle values.
Signed-off-by: Hirokazu Honda <hiroh at chromium.org>
Reviewed-by: Laurent Pinchart <laurent.pinchart at ideasonboard.com>
---
src/android/camera_device.cpp | 29 ++++++++++++++++++++++++++++-
1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/src/android/camera_device.cpp b/src/android/camera_device.cpp
index d8ce43be..91791a10 100644
--- a/src/android/camera_device.cpp
+++ b/src/android/camera_device.cpp
@@ -263,11 +263,38 @@ bool isValidRequest(camera3_capture_request_t *camera3Request)
return false;
}
- if (!camera3Request->num_output_buffers) {
+ if (!camera3Request->num_output_buffers ||
+ !camera3Request->output_buffers) {
LOG(HAL, Error) << "No output buffers provided";
return false;
}
+ for (uint32_t i = 0; i < camera3Request->num_output_buffers; i++) {
+ const camera3_stream_buffer_t &outputBuffer =
+ camera3Request->output_buffers[i];
+ if (!outputBuffer.buffer || !(*outputBuffer.buffer)) {
+ LOG(HAL, Error) << "Invalid native handle";
+ return false;
+ }
+
+ const native_handle_t *handle = *outputBuffer.buffer;
+ constexpr int kNativeHandleMaxFds = 1024;
+ if (handle->numFds < 0 || handle->numFds > kNativeHandleMaxFds) {
+ LOG(HAL, Error)
+ << "Invalid number of fds (" << handle->numFds
+ << ") in buffer " << i;
+ return false;
+ }
+
+ constexpr int kNativeHandleMaxInts = 1024;
+ if (handle->numInts < 0 || handle->numInts > kNativeHandleMaxInts) {
+ LOG(HAL, Error)
+ << "Invalid number of ints (" << handle->numInts
+ << ") in buffer " << i;
+ return false;
+ }
+ }
+
return true;
}
--
2.31.0.208.g409f899ff0-goog
More information about the libcamera-devel
mailing list