[libcamera-devel] [PATCH 2/3] ipa: raspberrypi: Fix possible buffer overrun in metadata parsing
Laurent Pinchart
laurent.pinchart at ideasonboard.com
Tue Jun 22 12:28:10 CEST 2021
Hi Naush,
Thank you for the patch.
On Tue, Jun 15, 2021 at 03:42:10PM +0100, Naushir Patuck wrote:
> The SMIA metadata parser could possibly read one byte past the end of the
> buffer as the buffer size test ran after the read operation. Fix this.
>
> Signed-off-by: Naushir Patuck <naush at raspberrypi.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart at ideasonboard.com>
> ---
> src/ipa/raspberrypi/md_parser_smia.cpp | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/ipa/raspberrypi/md_parser_smia.cpp b/src/ipa/raspberrypi/md_parser_smia.cpp
> index 5c413f1b55cc..0a14875575a2 100644
> --- a/src/ipa/raspberrypi/md_parser_smia.cpp
> +++ b/src/ipa/raspberrypi/md_parser_smia.cpp
> @@ -71,8 +71,8 @@ MdParserSmia::ParseStatus MdParserSmia::findRegs(libcamera::Span<const uint8_t>
> return NO_LINE_START;
> } else {
> /* allow a zero line length to mean "hunt for the next line" */
> - while (buffer[current_offset] != LINE_START &&
> - current_offset < buffer.size())
> + while (current_offset < buffer.size() &&
> + buffer[current_offset] != LINE_START)
> current_offset++;
>
> if (current_offset == buffer.size())
--
Regards,
Laurent Pinchart
More information about the libcamera-devel
mailing list