[libcamera-devel] [PATCH 2/3] ipa: raspberrypi: Fix possible buffer overrun in metadata parsing
Naushir Patuck
naush at raspberrypi.com
Tue Jun 15 16:42:10 CEST 2021
The SMIA metadata parser could possibly read one byte past the end of the
buffer as the buffer size test ran after the read operation. Fix this.
Signed-off-by: Naushir Patuck <naush at raspberrypi.com>
---
src/ipa/raspberrypi/md_parser_smia.cpp | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/ipa/raspberrypi/md_parser_smia.cpp b/src/ipa/raspberrypi/md_parser_smia.cpp
index 5c413f1b55cc..0a14875575a2 100644
--- a/src/ipa/raspberrypi/md_parser_smia.cpp
+++ b/src/ipa/raspberrypi/md_parser_smia.cpp
@@ -71,8 +71,8 @@ MdParserSmia::ParseStatus MdParserSmia::findRegs(libcamera::Span<const uint8_t>
return NO_LINE_START;
} else {
/* allow a zero line length to mean "hunt for the next line" */
- while (buffer[current_offset] != LINE_START &&
- current_offset < buffer.size())
+ while (current_offset < buffer.size() &&
+ buffer[current_offset] != LINE_START)
current_offset++;
if (current_offset == buffer.size())
--
2.25.1
More information about the libcamera-devel
mailing list