summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Elder <paul.elder@ideasonboard.com>2020-06-16 18:23:43 +0900
committerPaul Elder <paul.elder@ideasonboard.com>2020-06-25 23:47:13 +0900
commitb5d61c86ab23baf420764cbcc4814aee42d34a9d (patch)
treea8bd6fd8f79b527d3233dc595afec121211ceb11
parent02802aa11f0ba25718c09ac836188701065cba9a (diff)
v4l2: v4l2_camera_proxy: Check for null arg values in main ioctl handler
The ioctl handlers currently don't check if arg is null, so if it ever is, it will cause a segfault. Check that arg is null and return -EFAULT in the main vidioc ioctl handler. Signed-off-by: Paul Elder <paul.elder@ideasonboard.com> Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
-rw-r--r--src/v4l2/v4l2_camera_proxy.cpp30
-rw-r--r--src/v4l2/v4l2_camera_proxy.h3
2 files changed, 33 insertions, 0 deletions
diff --git a/src/v4l2/v4l2_camera_proxy.cpp b/src/v4l2/v4l2_camera_proxy.cpp
index a411ea3e..7ac4eeb2 100644
--- a/src/v4l2/v4l2_camera_proxy.cpp
+++ b/src/v4l2/v4l2_camera_proxy.cpp
@@ -11,6 +11,7 @@
#include <array>
#include <errno.h>
#include <linux/videodev2.h>
+#include <set>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
@@ -521,8 +522,37 @@ int V4L2CameraProxy::vidioc_streamoff(V4L2CameraFile *file, int *arg)
return ret;
}
+const std::set<unsigned long> V4L2CameraProxy::supportedIoctls_ = {
+ VIDIOC_QUERYCAP,
+ VIDIOC_ENUM_FMT,
+ VIDIOC_G_FMT,
+ VIDIOC_S_FMT,
+ VIDIOC_TRY_FMT,
+ VIDIOC_REQBUFS,
+ VIDIOC_QUERYBUF,
+ VIDIOC_QBUF,
+ VIDIOC_DQBUF,
+ VIDIOC_STREAMON,
+ VIDIOC_STREAMOFF,
+};
+
int V4L2CameraProxy::ioctl(V4L2CameraFile *file, unsigned long request, void *arg)
{
+ if (!arg && (_IOC_DIR(request) & _IOC_WRITE)) {
+ errno = EFAULT;
+ return -1;
+ }
+
+ if (supportedIoctls_.find(request) == supportedIoctls_.end()) {
+ errno = ENOTTY;
+ return -1;
+ }
+
+ if (!arg && (_IOC_DIR(request) & _IOC_READ)) {
+ errno = EFAULT;
+ return -1;
+ }
+
int ret;
switch (request) {
case VIDIOC_QUERYCAP:
diff --git a/src/v4l2/v4l2_camera_proxy.h b/src/v4l2/v4l2_camera_proxy.h
index 36d1dbc8..86c1a7df 100644
--- a/src/v4l2/v4l2_camera_proxy.h
+++ b/src/v4l2/v4l2_camera_proxy.h
@@ -11,6 +11,7 @@
#include <linux/videodev2.h>
#include <map>
#include <memory>
+#include <set>
#include <sys/mman.h>
#include <sys/types.h>
#include <vector>
@@ -68,6 +69,8 @@ private:
static PixelFormat v4l2ToDrm(uint32_t format);
static uint32_t drmToV4L2(const PixelFormat &format);
+ static const std::set<unsigned long> supportedIoctls_;
+
unsigned int refcount_;
unsigned int index_;