drivers: video: video_stm32_dcmi: Prevent out of bounds memory access

The frame event callback unconditionally copies into the enqueued video
buffer. The driver only supports fixed length frames, so reject enqueued
buffers that are not large enough to prevent invalid memory access.

Signed-off-by: Brett Witherspoon <brett@witherspoon.engineering>
pull/77082/head
Brett Witherspoon 11 months ago committed by Anas Nashif
parent
commit
a0f36d59b7
7
drivers/video/video_stm32_dcmi.c

@ -308,12 +308,17 @@ static int video_stm32_dcmi_enqueue(const struct device *dev, @@ -308,12 +308,17 @@ static int video_stm32_dcmi_enqueue(const struct device *dev,
struct video_buffer *vbuf)
{
struct video_stm32_dcmi_data *data = dev->data;
const uint32_t buffer_size = data->pitch * data->height;
if (ep != VIDEO_EP_OUT) {
return -EINVAL;
}
vbuf->bytesused = data->pitch * data->height;
if (buffer_size > vbuf->size) {
return -EINVAL;
}
vbuf->bytesused = buffer_size;
k_fifo_put(&data->fifo_in, vbuf);
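
Review bot: the check `if (buffer_size > vbuf->size)` validates the buffer only against the pitch and height in effect when it is enqueued, so a buffer already waiting in `fifo_in` is not re-checked if the format changes before the frame event callback copies into it. Since the commit message says the callback copies unconditionally, consider also bounding the copy length in the callback against `vbuf->size`, or draining `fifo_in` when the format changes. Separately, `data->pitch * data->height` is stored in a `uint32_t` and the field types are not visible in this hunk, so confirm the product cannot wrap for the largest supported format. A log message on the new `-EINVAL` path would also tell callers why the buffer was rejected.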
