* [PATCH 0/2] media: videobuf2: make sure bytesused is smaller than the buffer size
@ 2021-11-08 19:39 Dafna Hirschfeld
2021-11-08 19:39 ` [PATCH 1/2] media: replace setting of bytesused with vb2_set_plane_payload Dafna Hirschfeld
2021-11-08 19:39 ` [PATCH 2/2] media: videobuf2: add WARN_ON if bytesused is bigger than buffer length Dafna Hirschfeld
0 siblings, 2 replies; 7+ messages in thread
From: Dafna Hirschfeld @ 2021-11-08 19:39 UTC (permalink / raw)
To: linux-media
Cc: Dafna Hirschfeld, kernel, laurent.pinchart, hverkuil, dafna3,
sakari.ailus, mchehab
Add a WARN_ON in vb2_set_plane_payload if bytesused is bigger than length.
Also change places where bytesused is set directly with that function.
This help find/eliminate possible buffer overflow.
Dafna Hirschfeld (2):
media: replace setting of bytesused with vb2_set_plane_payload
media: videobuf2: add WARN_ON if bytesused is bigger than buffer
length
drivers/media/platform/allegro-dvt/allegro-core.c | 2 +-
drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c | 10 +++++-----
drivers/media/test-drivers/vicodec/vicodec-core.c | 2 +-
drivers/media/usb/go7007/go7007-driver.c | 2 +-
drivers/staging/media/meson/vdec/vdec_helpers.c | 10 +++++-----
include/media/videobuf2-core.h | 4 +++-
6 files changed, 16 insertions(+), 14 deletions(-)
--
2.17.1
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH 1/2] media: replace setting of bytesused with vb2_set_plane_payload
2021-11-08 19:39 [PATCH 0/2] media: videobuf2: make sure bytesused is smaller than the buffer size Dafna Hirschfeld
@ 2021-11-08 19:39 ` Dafna Hirschfeld
2021-11-10 14:45 ` Laurent Pinchart
2021-11-08 19:39 ` [PATCH 2/2] media: videobuf2: add WARN_ON if bytesused is bigger than buffer length Dafna Hirschfeld
1 sibling, 1 reply; 7+ messages in thread
From: Dafna Hirschfeld @ 2021-11-08 19:39 UTC (permalink / raw)
To: linux-media
Cc: Dafna Hirschfeld, kernel, laurent.pinchart, hverkuil, dafna3,
sakari.ailus, mchehab
In many places the bytesused field of struct vb2_buffer is set
directly. Replace that with the function call
vb2_set_plane_payload
Signed-off-by: Dafna Hirschfeld <dafna.hirschfeld@collabora.com>
---
drivers/media/platform/allegro-dvt/allegro-core.c | 2 +-
drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c | 10 +++++-----
drivers/media/test-drivers/vicodec/vicodec-core.c | 2 +-
drivers/media/usb/go7007/go7007-driver.c | 2 +-
drivers/staging/media/meson/vdec/vdec_helpers.c | 10 +++++-----
5 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/drivers/media/platform/allegro-dvt/allegro-core.c b/drivers/media/platform/allegro-dvt/allegro-core.c
index c8156da33043..4a3d06c70e34 100644
--- a/drivers/media/platform/allegro-dvt/allegro-core.c
+++ b/drivers/media/platform/allegro-dvt/allegro-core.c
@@ -2815,7 +2815,7 @@ static void allegro_buf_queue(struct vb2_buffer *vb)
unsigned int i;
for (i = 0; i < vb->num_planes; i++)
- vb->planes[i].bytesused = 0;
+ vb2_set_plane_payload(vb, i, 0);
vbuf->field = V4L2_FIELD_NONE;
vbuf->sequence = channel->csequence++;
diff --git a/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c b/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c
index 7457451ebff0..3a8d19243d41 100644
--- a/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c
+++ b/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c
@@ -959,7 +959,7 @@ static void vb2ops_venc_stop_streaming(struct vb2_queue *q)
if (q->type == V4L2_BUF_TYPE_VIDEO_CAPTURE_MPLANE) {
while ((dst_buf = v4l2_m2m_dst_buf_remove(ctx->m2m_ctx))) {
- dst_buf->vb2_buf.planes[0].bytesused = 0;
+ vb2_set_plane_payload(&dst_buf->vb2_buf, 0, 0);
v4l2_m2m_buf_done(dst_buf, VB2_BUF_STATE_ERROR);
}
/* STREAMOFF on the CAPTURE queue completes any ongoing flush */
@@ -1068,7 +1068,7 @@ static int mtk_venc_encode_header(void *priv)
NULL, &bs_buf, &enc_result);
if (ret) {
- dst_buf->vb2_buf.planes[0].bytesused = 0;
+ vb2_set_plane_payload(&dst_buf->vb2_buf, 0, 0);
ctx->state = MTK_STATE_ABORT;
v4l2_m2m_buf_done(dst_buf, VB2_BUF_STATE_ERROR);
mtk_v4l2_err("venc_if_encode failed=%d", ret);
@@ -1083,7 +1083,7 @@ static int mtk_venc_encode_header(void *priv)
}
ctx->state = MTK_STATE_HEADER;
- dst_buf->vb2_buf.planes[0].bytesused = enc_result.bs_size;
+ vb2_set_plane_payload(&dst_buf->vb2_buf, 0, enc_result.bs_size);
v4l2_m2m_buf_done(dst_buf, VB2_BUF_STATE_DONE);
return 0;
@@ -1232,12 +1232,12 @@ static void mtk_venc_worker(struct work_struct *work)
if (ret) {
v4l2_m2m_buf_done(src_buf, VB2_BUF_STATE_ERROR);
- dst_buf->vb2_buf.planes[0].bytesused = 0;
+ vb2_set_plane_payload(&dst_buf->vb2_buf, 0, 0);
v4l2_m2m_buf_done(dst_buf, VB2_BUF_STATE_ERROR);
mtk_v4l2_err("venc_if_encode failed=%d", ret);
} else {
v4l2_m2m_buf_done(src_buf, VB2_BUF_STATE_DONE);
- dst_buf->vb2_buf.planes[0].bytesused = enc_result.bs_size;
+ vb2_set_plane_payload(&dst_buf->vb2_buf, 0, enc_result.bs_size);
v4l2_m2m_buf_done(dst_buf, VB2_BUF_STATE_DONE);
mtk_v4l2_debug(2, "venc_if_encode bs size=%d",
enc_result.bs_size);
diff --git a/drivers/media/test-drivers/vicodec/vicodec-core.c b/drivers/media/test-drivers/vicodec/vicodec-core.c
index 33f1c893c1b6..be43f7d32df9 100644
--- a/drivers/media/test-drivers/vicodec/vicodec-core.c
+++ b/drivers/media/test-drivers/vicodec/vicodec-core.c
@@ -1443,7 +1443,7 @@ static void vicodec_buf_queue(struct vb2_buffer *vb)
unsigned int i;
for (i = 0; i < vb->num_planes; i++)
- vb->planes[i].bytesused = 0;
+ vb2_set_plane_payload(vb, i, 0);
vbuf->field = V4L2_FIELD_NONE;
vbuf->sequence =
diff --git a/drivers/media/usb/go7007/go7007-driver.c b/drivers/media/usb/go7007/go7007-driver.c
index 6650eab913d8..0c24e2984304 100644
--- a/drivers/media/usb/go7007/go7007-driver.c
+++ b/drivers/media/usb/go7007/go7007-driver.c
@@ -516,7 +516,7 @@ void go7007_parse_video_stream(struct go7007 *go, u8 *buf, int length)
if (vb && vb->vb.vb2_buf.planes[0].bytesused >=
GO7007_BUF_SIZE - 3) {
v4l2_info(&go->v4l2_dev, "dropping oversized frame\n");
- vb->vb.vb2_buf.planes[0].bytesused = 0;
+ vb2_set_plane_payload(&vb->vb.vb2_buf, 0, 0);
vb->frame_offset = 0;
vb->modet_active = 0;
vb = go->active_buf = NULL;
diff --git a/drivers/staging/media/meson/vdec/vdec_helpers.c b/drivers/staging/media/meson/vdec/vdec_helpers.c
index b9125c295d1d..1ade7485d5a6 100644
--- a/drivers/staging/media/meson/vdec/vdec_helpers.c
+++ b/drivers/staging/media/meson/vdec/vdec_helpers.c
@@ -276,13 +276,13 @@ static void dst_buf_done(struct amvdec_session *sess,
switch (sess->pixfmt_cap) {
case V4L2_PIX_FMT_NV12M:
- vbuf->vb2_buf.planes[0].bytesused = output_size;
- vbuf->vb2_buf.planes[1].bytesused = output_size / 2;
+ vb2_set_plane_payload(vbuf->vb2_buf, 0, output_size);
+ vb2_set_plane_payload(vbuf->vb2_buf, 1, output_size / 2);
break;
case V4L2_PIX_FMT_YUV420M:
- vbuf->vb2_buf.planes[0].bytesused = output_size;
- vbuf->vb2_buf.planes[1].bytesused = output_size / 4;
- vbuf->vb2_buf.planes[2].bytesused = output_size / 4;
+ vb2_set_plane_payload(vbuf->vb2_buf, 0, output_size);
+ vb2_set_plane_payload(vbuf->vb2_buf, 1, output_size / 4);
+ vb2_set_plane_payload(vbuf->vb2_buf, 2, output_size / 4);
break;
}
--
2.17.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 2/2] media: videobuf2: add WARN_ON if bytesused is bigger than buffer length
2021-11-08 19:39 [PATCH 0/2] media: videobuf2: make sure bytesused is smaller than the buffer size Dafna Hirschfeld
2021-11-08 19:39 ` [PATCH 1/2] media: replace setting of bytesused with vb2_set_plane_payload Dafna Hirschfeld
@ 2021-11-08 19:39 ` Dafna Hirschfeld
2021-11-10 8:58 ` Hans Verkuil
1 sibling, 1 reply; 7+ messages in thread
From: Dafna Hirschfeld @ 2021-11-08 19:39 UTC (permalink / raw)
To: linux-media
Cc: Dafna Hirschfeld, kernel, laurent.pinchart, hverkuil, dafna3,
sakari.ailus, mchehab
In function vb2_set_plane_payload, report if the
given bytesused is bigger than the buffer size.
Signed-off-by: Dafna Hirschfeld <dafna.hirschfeld@collabora.com>
---
include/media/videobuf2-core.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/include/media/videobuf2-core.h b/include/media/videobuf2-core.h
index 2467284e5f26..ffaa1f3361c3 100644
--- a/include/media/videobuf2-core.h
+++ b/include/media/videobuf2-core.h
@@ -1155,8 +1155,10 @@ static inline void *vb2_get_drv_priv(struct vb2_queue *q)
static inline void vb2_set_plane_payload(struct vb2_buffer *vb,
unsigned int plane_no, unsigned long size)
{
- if (plane_no < vb->num_planes)
+ if (plane_no < vb->num_planes) {
+ WARN_ON(size > vb->planes[plane_no].length);
vb->planes[plane_no].bytesused = size;
+ }
}
/**
--
2.17.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH 2/2] media: videobuf2: add WARN_ON if bytesused is bigger than buffer length
2021-11-08 19:39 ` [PATCH 2/2] media: videobuf2: add WARN_ON if bytesused is bigger than buffer length Dafna Hirschfeld
@ 2021-11-10 8:58 ` Hans Verkuil
2021-11-10 14:49 ` Laurent Pinchart
0 siblings, 1 reply; 7+ messages in thread
From: Hans Verkuil @ 2021-11-10 8:58 UTC (permalink / raw)
To: Dafna Hirschfeld, linux-media
Cc: kernel, laurent.pinchart, dafna3, sakari.ailus, mchehab
On 08/11/2021 20:39, Dafna Hirschfeld wrote:
> In function vb2_set_plane_payload, report if the
> given bytesused is bigger than the buffer size.
>
> Signed-off-by: Dafna Hirschfeld <dafna.hirschfeld@collabora.com>
> ---
> include/media/videobuf2-core.h | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/include/media/videobuf2-core.h b/include/media/videobuf2-core.h
> index 2467284e5f26..ffaa1f3361c3 100644
> --- a/include/media/videobuf2-core.h
> +++ b/include/media/videobuf2-core.h
> @@ -1155,8 +1155,10 @@ static inline void *vb2_get_drv_priv(struct vb2_queue *q)
> static inline void vb2_set_plane_payload(struct vb2_buffer *vb,
> unsigned int plane_no, unsigned long size)
> {
> - if (plane_no < vb->num_planes)
> + if (plane_no < vb->num_planes) {
> + WARN_ON(size > vb->planes[plane_no].length);
I would change this to:
/*
* size must never be larger than the buffer length, so
* warn and clamp to the buffer length if that's the case.
*/
if (WARN_ON(size > vb->planes[plane_no].length))
size = vb->planes[plane_no].length;
Regards,
Hans
> vb->planes[plane_no].bytesused = size;
> + }
> }
>
> /**
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 1/2] media: replace setting of bytesused with vb2_set_plane_payload
2021-11-08 19:39 ` [PATCH 1/2] media: replace setting of bytesused with vb2_set_plane_payload Dafna Hirschfeld
@ 2021-11-10 14:45 ` Laurent Pinchart
0 siblings, 0 replies; 7+ messages in thread
From: Laurent Pinchart @ 2021-11-10 14:45 UTC (permalink / raw)
To: Dafna Hirschfeld
Cc: linux-media, kernel, hverkuil, dafna3, sakari.ailus, mchehab
Hi Dafna,
Thank you for the patch.
On Mon, Nov 08, 2021 at 09:39:32PM +0200, Dafna Hirschfeld wrote:
> In many places the bytesused field of struct vb2_buffer is set
> directly. Replace that with the function call
> vb2_set_plane_payload
>
> Signed-off-by: Dafna Hirschfeld <dafna.hirschfeld@collabora.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
> ---
> drivers/media/platform/allegro-dvt/allegro-core.c | 2 +-
> drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c | 10 +++++-----
> drivers/media/test-drivers/vicodec/vicodec-core.c | 2 +-
> drivers/media/usb/go7007/go7007-driver.c | 2 +-
> drivers/staging/media/meson/vdec/vdec_helpers.c | 10 +++++-----
> 5 files changed, 13 insertions(+), 13 deletions(-)
>
> diff --git a/drivers/media/platform/allegro-dvt/allegro-core.c b/drivers/media/platform/allegro-dvt/allegro-core.c
> index c8156da33043..4a3d06c70e34 100644
> --- a/drivers/media/platform/allegro-dvt/allegro-core.c
> +++ b/drivers/media/platform/allegro-dvt/allegro-core.c
> @@ -2815,7 +2815,7 @@ static void allegro_buf_queue(struct vb2_buffer *vb)
> unsigned int i;
>
> for (i = 0; i < vb->num_planes; i++)
> - vb->planes[i].bytesused = 0;
> + vb2_set_plane_payload(vb, i, 0);
>
> vbuf->field = V4L2_FIELD_NONE;
> vbuf->sequence = channel->csequence++;
> diff --git a/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c b/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c
> index 7457451ebff0..3a8d19243d41 100644
> --- a/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c
> +++ b/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c
> @@ -959,7 +959,7 @@ static void vb2ops_venc_stop_streaming(struct vb2_queue *q)
>
> if (q->type == V4L2_BUF_TYPE_VIDEO_CAPTURE_MPLANE) {
> while ((dst_buf = v4l2_m2m_dst_buf_remove(ctx->m2m_ctx))) {
> - dst_buf->vb2_buf.planes[0].bytesused = 0;
> + vb2_set_plane_payload(&dst_buf->vb2_buf, 0, 0);
> v4l2_m2m_buf_done(dst_buf, VB2_BUF_STATE_ERROR);
> }
> /* STREAMOFF on the CAPTURE queue completes any ongoing flush */
> @@ -1068,7 +1068,7 @@ static int mtk_venc_encode_header(void *priv)
> NULL, &bs_buf, &enc_result);
>
> if (ret) {
> - dst_buf->vb2_buf.planes[0].bytesused = 0;
> + vb2_set_plane_payload(&dst_buf->vb2_buf, 0, 0);
> ctx->state = MTK_STATE_ABORT;
> v4l2_m2m_buf_done(dst_buf, VB2_BUF_STATE_ERROR);
> mtk_v4l2_err("venc_if_encode failed=%d", ret);
> @@ -1083,7 +1083,7 @@ static int mtk_venc_encode_header(void *priv)
> }
>
> ctx->state = MTK_STATE_HEADER;
> - dst_buf->vb2_buf.planes[0].bytesused = enc_result.bs_size;
> + vb2_set_plane_payload(&dst_buf->vb2_buf, 0, enc_result.bs_size);
> v4l2_m2m_buf_done(dst_buf, VB2_BUF_STATE_DONE);
>
> return 0;
> @@ -1232,12 +1232,12 @@ static void mtk_venc_worker(struct work_struct *work)
>
> if (ret) {
> v4l2_m2m_buf_done(src_buf, VB2_BUF_STATE_ERROR);
> - dst_buf->vb2_buf.planes[0].bytesused = 0;
> + vb2_set_plane_payload(&dst_buf->vb2_buf, 0, 0);
> v4l2_m2m_buf_done(dst_buf, VB2_BUF_STATE_ERROR);
> mtk_v4l2_err("venc_if_encode failed=%d", ret);
> } else {
> v4l2_m2m_buf_done(src_buf, VB2_BUF_STATE_DONE);
> - dst_buf->vb2_buf.planes[0].bytesused = enc_result.bs_size;
> + vb2_set_plane_payload(&dst_buf->vb2_buf, 0, enc_result.bs_size);
> v4l2_m2m_buf_done(dst_buf, VB2_BUF_STATE_DONE);
> mtk_v4l2_debug(2, "venc_if_encode bs size=%d",
> enc_result.bs_size);
> diff --git a/drivers/media/test-drivers/vicodec/vicodec-core.c b/drivers/media/test-drivers/vicodec/vicodec-core.c
> index 33f1c893c1b6..be43f7d32df9 100644
> --- a/drivers/media/test-drivers/vicodec/vicodec-core.c
> +++ b/drivers/media/test-drivers/vicodec/vicodec-core.c
> @@ -1443,7 +1443,7 @@ static void vicodec_buf_queue(struct vb2_buffer *vb)
> unsigned int i;
>
> for (i = 0; i < vb->num_planes; i++)
> - vb->planes[i].bytesused = 0;
> + vb2_set_plane_payload(vb, i, 0);
>
> vbuf->field = V4L2_FIELD_NONE;
> vbuf->sequence =
> diff --git a/drivers/media/usb/go7007/go7007-driver.c b/drivers/media/usb/go7007/go7007-driver.c
> index 6650eab913d8..0c24e2984304 100644
> --- a/drivers/media/usb/go7007/go7007-driver.c
> +++ b/drivers/media/usb/go7007/go7007-driver.c
> @@ -516,7 +516,7 @@ void go7007_parse_video_stream(struct go7007 *go, u8 *buf, int length)
> if (vb && vb->vb.vb2_buf.planes[0].bytesused >=
> GO7007_BUF_SIZE - 3) {
> v4l2_info(&go->v4l2_dev, "dropping oversized frame\n");
> - vb->vb.vb2_buf.planes[0].bytesused = 0;
> + vb2_set_plane_payload(&vb->vb.vb2_buf, 0, 0);
> vb->frame_offset = 0;
> vb->modet_active = 0;
> vb = go->active_buf = NULL;
> diff --git a/drivers/staging/media/meson/vdec/vdec_helpers.c b/drivers/staging/media/meson/vdec/vdec_helpers.c
> index b9125c295d1d..1ade7485d5a6 100644
> --- a/drivers/staging/media/meson/vdec/vdec_helpers.c
> +++ b/drivers/staging/media/meson/vdec/vdec_helpers.c
> @@ -276,13 +276,13 @@ static void dst_buf_done(struct amvdec_session *sess,
>
> switch (sess->pixfmt_cap) {
> case V4L2_PIX_FMT_NV12M:
> - vbuf->vb2_buf.planes[0].bytesused = output_size;
> - vbuf->vb2_buf.planes[1].bytesused = output_size / 2;
> + vb2_set_plane_payload(vbuf->vb2_buf, 0, output_size);
> + vb2_set_plane_payload(vbuf->vb2_buf, 1, output_size / 2);
> break;
> case V4L2_PIX_FMT_YUV420M:
> - vbuf->vb2_buf.planes[0].bytesused = output_size;
> - vbuf->vb2_buf.planes[1].bytesused = output_size / 4;
> - vbuf->vb2_buf.planes[2].bytesused = output_size / 4;
> + vb2_set_plane_payload(vbuf->vb2_buf, 0, output_size);
> + vb2_set_plane_payload(vbuf->vb2_buf, 1, output_size / 4);
> + vb2_set_plane_payload(vbuf->vb2_buf, 2, output_size / 4);
> break;
> }
>
--
Regards,
Laurent Pinchart
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 2/2] media: videobuf2: add WARN_ON if bytesused is bigger than buffer length
2021-11-10 8:58 ` Hans Verkuil
@ 2021-11-10 14:49 ` Laurent Pinchart
2021-11-10 15:04 ` Hans Verkuil
0 siblings, 1 reply; 7+ messages in thread
From: Laurent Pinchart @ 2021-11-10 14:49 UTC (permalink / raw)
To: Hans Verkuil
Cc: Dafna Hirschfeld, linux-media, kernel, dafna3, sakari.ailus, mchehab
On Wed, Nov 10, 2021 at 09:58:02AM +0100, Hans Verkuil wrote:
> On 08/11/2021 20:39, Dafna Hirschfeld wrote:
> > In function vb2_set_plane_payload, report if the
> > given bytesused is bigger than the buffer size.
> >
> > Signed-off-by: Dafna Hirschfeld <dafna.hirschfeld@collabora.com>
> > ---
> > include/media/videobuf2-core.h | 4 +++-
> > 1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/include/media/videobuf2-core.h b/include/media/videobuf2-core.h
> > index 2467284e5f26..ffaa1f3361c3 100644
> > --- a/include/media/videobuf2-core.h
> > +++ b/include/media/videobuf2-core.h
> > @@ -1155,8 +1155,10 @@ static inline void *vb2_get_drv_priv(struct vb2_queue *q)
> > static inline void vb2_set_plane_payload(struct vb2_buffer *vb,
> > unsigned int plane_no, unsigned long size)
> > {
> > - if (plane_no < vb->num_planes)
> > + if (plane_no < vb->num_planes) {
> > + WARN_ON(size > vb->planes[plane_no].length);
>
> I would change this to:
>
> /*
> * size must never be larger than the buffer length, so
> * warn and clamp to the buffer length if that's the case.
> */
> if (WARN_ON(size > vb->planes[plane_no].length))
> size = vb->planes[plane_no].length;
Should this also be a WARN_ON_ONCE() ? If it occurs once there's a large
risk it will occur very frequently, and flood the kernel log.
> > vb->planes[plane_no].bytesused = size;
> > + }
> > }
> >
> > /**
--
Regards,
Laurent Pinchart
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 2/2] media: videobuf2: add WARN_ON if bytesused is bigger than buffer length
2021-11-10 14:49 ` Laurent Pinchart
@ 2021-11-10 15:04 ` Hans Verkuil
0 siblings, 0 replies; 7+ messages in thread
From: Hans Verkuil @ 2021-11-10 15:04 UTC (permalink / raw)
To: Laurent Pinchart
Cc: Dafna Hirschfeld, linux-media, kernel, dafna3, sakari.ailus, mchehab
On 10/11/2021 15:49, Laurent Pinchart wrote:
> On Wed, Nov 10, 2021 at 09:58:02AM +0100, Hans Verkuil wrote:
>> On 08/11/2021 20:39, Dafna Hirschfeld wrote:
>>> In function vb2_set_plane_payload, report if the
>>> given bytesused is bigger than the buffer size.
>>>
>>> Signed-off-by: Dafna Hirschfeld <dafna.hirschfeld@collabora.com>
>>> ---
>>> include/media/videobuf2-core.h | 4 +++-
>>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/include/media/videobuf2-core.h b/include/media/videobuf2-core.h
>>> index 2467284e5f26..ffaa1f3361c3 100644
>>> --- a/include/media/videobuf2-core.h
>>> +++ b/include/media/videobuf2-core.h
>>> @@ -1155,8 +1155,10 @@ static inline void *vb2_get_drv_priv(struct vb2_queue *q)
>>> static inline void vb2_set_plane_payload(struct vb2_buffer *vb,
>>> unsigned int plane_no, unsigned long size)
>>> {
>>> - if (plane_no < vb->num_planes)
>>> + if (plane_no < vb->num_planes) {
>>> + WARN_ON(size > vb->planes[plane_no].length);
>>
>> I would change this to:
>>
>> /*
>> * size must never be larger than the buffer length, so
>> * warn and clamp to the buffer length if that's the case.
>> */
>> if (WARN_ON(size > vb->planes[plane_no].length))
>> size = vb->planes[plane_no].length;
>
> Should this also be a WARN_ON_ONCE() ? If it occurs once there's a large
> risk it will occur very frequently, and flood the kernel log.
Good point. I agree with that.
Regards,
Hans
>
>>> vb->planes[plane_no].bytesused = size;
>>> + }
>>> }
>>>
>>> /**
>
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2021-11-10 15:05 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-08 19:39 [PATCH 0/2] media: videobuf2: make sure bytesused is smaller than the buffer size Dafna Hirschfeld
2021-11-08 19:39 ` [PATCH 1/2] media: replace setting of bytesused with vb2_set_plane_payload Dafna Hirschfeld
2021-11-10 14:45 ` Laurent Pinchart
2021-11-08 19:39 ` [PATCH 2/2] media: videobuf2: add WARN_ON if bytesused is bigger than buffer length Dafna Hirschfeld
2021-11-10 8:58 ` Hans Verkuil
2021-11-10 14:49 ` Laurent Pinchart
2021-11-10 15:04 ` Hans Verkuil
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.