diff options
| author | Marcin Chrzanowski <marcin.j.chrzanowski@gmail.com> | 2018-05-28 21:24:02 +0200 |
|---|---|---|
| committer | Marcin Chrzanowski <marcin.j.chrzanowski@gmail.com> | 2018-05-28 21:24:02 +0200 |
| commit | 034ccd3ae52e3a6cfaff79c732187534d711e49b (patch) | |
| tree | 88ba653ad844aaa7bde89320f133caec38a43de3 | |
| parent | 97124535ad5f545afc90ebeedb649c2cc36b9b12 (diff) | |
Update argument checking
| -rw-r--r-- | surface.c | 45 |
1 files changed, 36 insertions, 9 deletions
@@ -371,6 +371,8 @@ long fill_rects(struct file *filp, unsigned long arg) return param->rects_num; } +struct file_operations surface_fops; + long copy_rects(struct file *filp, unsigned long arg) { struct surface_data *dst_data; @@ -379,16 +381,22 @@ long copy_rects(struct file *filp, unsigned long arg) struct doomdev_copy_rect *rects; struct fd src_fds; int i; + int err; dst_data = filp->private_data; param = (struct doomdev_surf_ioctl_copy_rects *) arg; rects = (struct doomdev_copy_rect *) param->rects_ptr; src_fds = fdget(param->surf_src_fd); - src_data = src_fds.file->private_data; + if (src_fds.file->f_op != &surface_fops) { + err = -EINVAL; + goto error_fdget; + } + src_data = src_fds.file->private_data; if (dst_data->doom_data != src_data->doom_data) { - return -EINVAL; + err = -EINVAL; + goto error_fdget; } mutex_lock(&dst_data->doom_data->cmd_mutex); @@ -397,11 +405,14 @@ long copy_rects(struct file *filp, unsigned long arg) copy_rect(dst_data, src_data, rects[i]); } + err = param->rects_num; + mutex_unlock(&dst_data->doom_data->cmd_mutex); +error_fdget: fdput(src_fds); - return param->rects_num; + return err; } long draw_columns(struct file *filp, unsigned long arg) @@ -514,16 +525,22 @@ long draw_spans(struct file *filp, unsigned long arg) struct doomdev_span *spans; struct fd flat_fds; int i; + int err; surface_data = filp->private_data; param = (struct doomdev_surf_ioctl_draw_spans *) arg; flat_fds = fdget(param->flat_fd); - flat_data = flat_fds.file->private_data; + if (flat_fds.file->f_op != &flat_fops) { + err = -EINVAL; + goto error_fdget; + } + flat_data = flat_fds.file->private_data; if (surface_data->doom_data != flat_data->doom_data) { - return -EINVAL; + err = -EINVAL; + goto error_fdget; } spans = (struct doomdev_span *) param->spans_ptr; @@ -534,11 +551,14 @@ long draw_spans(struct file *filp, unsigned long arg) draw_span(surface_data, flat_data, spans[i]); } + err = param->spans_num; + mutex_unlock(&surface_data->doom_data->cmd_mutex); +error_fdget: fdput(flat_fds); - return param->spans_num; + return err; } long do_draw_background(struct file *filp, unsigned long arg) @@ -547,16 +567,22 @@ long do_draw_background(struct file *filp, unsigned long arg) struct surface_data *surface_data; struct flat_data *flat_data; struct fd flat_fds; + int err = 0; surface_data = filp->private_data; param = (struct doomdev_surf_ioctl_draw_background *) arg; flat_fds = fdget(param->flat_fd); - flat_data = flat_fds.file->private_data; + if (flat_fds.file->f_op != &flat_fops) { + err = -EINVAL; + goto error_fdget; + } + flat_data = flat_fds.file->private_data; if (surface_data->doom_data != flat_data->doom_data) { - return -EINVAL; + err = -EINVAL; + goto error_fdget; } mutex_lock(&surface_data->doom_data->cmd_mutex); @@ -565,9 +591,10 @@ long do_draw_background(struct file *filp, unsigned long arg) mutex_unlock(&surface_data->doom_data->cmd_mutex); +error_fdget: fdput(flat_fds); - return 0; + return err; } long surface_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) |