From b9a1516254f722fc9367140e28ade7ec8b5539d5 Mon Sep 17 00:00:00 2001 From: Ed Maste Date: Sun, 1 Nov 2020 15:29:56 -0500 Subject: [PATCH] linux-v4l2: avoid OOB write v4l2_outputparm includes unused fields, defined as __u32 reserved[4] Accesses to reserved[4] was out of bounds. Fix this and simplify by just zeroing the entire struct v4l2_streamparm instead. --- plugins/linux-v4l2/v4l2-output.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/plugins/linux-v4l2/v4l2-output.c b/plugins/linux-v4l2/v4l2-output.c index e2c9a647c..ab560cb66 100644 --- a/plugins/linux-v4l2/v4l2-output.c +++ b/plugins/linux-v4l2/v4l2-output.c @@ -97,15 +97,12 @@ static bool try_connect(void *data, int device) struct obs_video_info ovi; obs_get_video_info(&ovi); + memset(&parm, 0, sizeof(parm)); parm.type = V4L2_BUF_TYPE_VIDEO_OUTPUT; parm.parm.output.capability = V4L2_CAP_TIMEPERFRAME; parm.parm.output.timeperframe.numerator = ovi.fps_den; parm.parm.output.timeperframe.denominator = ovi.fps_num; - parm.parm.output.outputmode = 0; - parm.parm.output.writebuffers = 0; - parm.parm.output.extendedmode = 0; - parm.parm.output.reserved[4] = 0; if (ioctl(vcam->device, VIDIOC_S_PARM, &parm) < 0) return false;