hdmitx: fix KASAN Bug in hdmitx_edid_parse [1/1]

author Kaifu Hu <kaifu.hu@amlogic.com>

Tue, 18 Sep 2018 06:04:41 +0000 (14:04 +0800)

committer Tao Zeng <tao.zeng@amlogic.com>

Wed, 19 Sep 2018 07:27:21 +0000 (00:27 -0700)
author Kaifu Hu <kaifu.hu@amlogic.com>
Tue, 18 Sep 2018 06:04:41 +0000 (14:04 +0800)
committer Tao Zeng <tao.zeng@amlogic.com>
Wed, 19 Sep 2018 07:27:21 +0000 (00:27 -0700)
diff --git a/drivers/amlogic/media/vout/hdmitx/hdmi_tx_20/hdmi_tx_edid.c b/drivers/amlogic/media/vout/hdmitx/hdmi_tx_20/hdmi_tx_edid.c

index ca3c978..09f46f8 100644 (file)
--- a/drivers/amlogic/media/vout/hdmitx/hdmi_tx_20/hdmi_tx_edid.c
+++ b/drivers/amlogic/media/vout/hdmitx/hdmi_tx_20/hdmi_tx_edid.c
@@ -136,6 +136,10 @@ static void Edid_ParsingIDManufacturerName(struct rx_cap *pRxCap,
         brand[1] = ((data[0] & 0x3) << 3) + (data[1] >> 5);
         brand[2] = data[1] & 0x1f;
  
+       if (((brand[0] > 26) || (brand[0] == 0))
+               || ((brand[1] > 26) || (brand[1] == 0))
+               || ((brand[2] > 26) || (brand[2] == 0)))
+               return;
         for (i = 0; i < 3; i++)
                 pRxCap->IDManufacturerName[i] = uppercase[brand[i] - 1];
  }
diff --git a/drivers/amlogic/media/vout/hdmitx/hdmi_tx_20/hdmi_tx_main.c b/drivers/amlogic/media/vout/hdmitx/hdmi_tx_20/hdmi_tx_main.c

index f6e2c70..6ecf080 100644 (file)
--- a/drivers/amlogic/media/vout/hdmitx/hdmi_tx_20/hdmi_tx_main.c
+++ b/drivers/amlogic/media/vout/hdmitx/hdmi_tx_20/hdmi_tx_main.c
@@ -596,7 +596,8 @@ static ssize_t show_attr(struct device *dev,
  ssize_t store_attr(struct device *dev,
         struct device_attribute *attr, const char *buf, size_t count)
  {
-       memcpy(hdmitx_device.fmt_attr, buf, sizeof(hdmitx_device.fmt_attr));
+       strncpy(hdmitx_device.fmt_attr, buf, sizeof(hdmitx_device.fmt_attr));
+       hdmitx_device.fmt_attr[15] = '\0';
         return count;
  }
  /*aud_mode attr*/
@@ -2244,6 +2245,7 @@ static ssize_t show_hdr_cap(struct device *dev,
         int pos = 0;
         unsigned int i, j;
         struct rx_cap *pRXCap = &(hdmitx_device.RXCap);
+
         pos += snprintf(buf + pos, PAGE_SIZE, "HDR Static Metadata:\n");
         pos += snprintf(buf + pos, PAGE_SIZE, "    Supported EOTF:\n");
         pos += snprintf(buf + pos, PAGE_SIZE, "        Traditional SDR: %d\n",
@@ -3324,6 +3326,7 @@ static void clear_hdr_info(struct hdmitx_dev *hdev)
  {
         struct vinfo_s *info = hdmitx_get_current_vinfo();
         unsigned int i;
+
         if (info) {
                 info->hdr_info.hdr_support = 0;
                 for (i = 0; i < 4; i++)
author	Kaifu Hu <kaifu.hu@amlogic.com>
	Tue, 18 Sep 2018 06:04:41 +0000 (14:04 +0800)
committer	Tao Zeng <tao.zeng@amlogic.com>
	Wed, 19 Sep 2018 07:27:21 +0000 (00:27 -0700)
drivers/amlogic/media/vout/hdmitx/hdmi_tx_20/hdmi_tx_edid.c		patch \| blob \| history
drivers/amlogic/media/vout/hdmitx/hdmi_tx_20/hdmi_tx_main.c		patch \| blob \| history