From 31dc8b5b3e917766c0e593f08677408cb7378645 Mon Sep 17 00:00:00 2001
From: mglocker
Date: Sat, 2 Aug 2008 12:32:23 +0000
Subject: [PATCH] If a format descriptor doesn't contain any frame descriptors even if it claims to (as seen on the M$ LifeCam NX6000), abort further processing. Safes us from potential NULL pointer derefs.
---
 sys/dev/usb/uvideo.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/sys/dev/usb/uvideo.c b/sys/dev/usb/uvideo.c
index 7230049724f..b9ce5afaea7 100644
--- a/sys/dev/usb/uvideo.c
+++ b/sys/dev/usb/uvideo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uvideo.c,v 1.69 2008/08/02 08:51:25 mglocker Exp $ */
+/* $OpenBSD: uvideo.c,v 1.70 2008/08/02 12:32:23 mglocker Exp $ */
 /*
 * Copyright (c) 2008 Robert Nagy
@@ -1032,6 +1032,13 @@ uvideo_vs_negotiation(struct uvideo_softc *sc, int commit)
 pc = (struct usb_video_probe_commit *)probe_data;
+ /* check if the format descriptor contains frame descriptors */
+ if (sc->sc_fmtgrp_cur->frame_num == 0) {
+ printf("%s: %s: no frame descriptors found!\n",
+ __func__, DEVNAME(sc));
+ return (USBD_INVAL);
+ }
+
 /* get probe */
 bzero(probe_data, sizeof(probe_data));
 error = uvideo_vs_get_probe(sc, probe_data, GET_DEF);
@@ -2188,6 +2195,13 @@ uvideo_s_fmt(void *v, struct v4l2_format *fmt)
 if (found == 0) return (EINVAL);
+ /* check if the format descriptor contains frame descriptors */
+ if (sc->sc_fmtgrp[i].frame_num == 0) {
+ printf("%s: %s: no frame descriptors found!\n",
+ __func__, DEVNAME(sc));
+ return (EINVAL);
+ }
+
 /* search requested frame resolution */
 uvideo_find_res(sc, i, fmt->fmt.pix.width, fmt->fmt.pix.height, &r);
--
2.20.1
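Review bot: The guard added in uvideo_vs_negotiation() rejects only `frame_num == 0`, and it dereferences `sc->sc_fmtgrp_cur` without a NULL test; the twin guard in the uvideo_s_fmt() hunk has the same zero-only limit. Descriptor contents are supplied by the attached USB device, so a format descriptor that announces more frame descriptors than it delivers (but at least one) is as plausible as the zero case, and whether that still leaves unset frame entries depends on parsing code outside these hunks. If it does, validating the count once where the descriptors are parsed would cover every consumer rather than two call sites. If `sc_fmtgrp_cur` can be unset at this point, the condition could read `if (sc->sc_fmtgrp_cur == NULL || sc->sc_fmtgrp_cur->frame_num == 0) {`. The function body starts and ends outside the hunk.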
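Review bot: The `printf()` added to uvideo_s_fmt() is unconditional, and judging by the `struct v4l2_format *` argument this looks like the set-format handler reached from userland, so with such a camera attached every rejected request would write a line to the kernel message buffer. Reporting the broken descriptor once, where it is parsed, and returning `EINVAL` silently here would keep a misbehaving device or a looping application from flooding the log. The argument order also puts `__func__` before `DEVNAME(sc)`; if the driver's other messages lead with the device name (not visible in this hunk), `__func__, DEVNAME(sc));` would become `DEVNAME(sc), __func__);` to keep log lines uniform. uvideo_s_fmt() starts and ends outside the hunk.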