[PATCH for 6.1 2/4] vivid: dev->bitmap_cap wasn't freed in all cases

From: Hans Verkuil
Date: Mon Oct 17 2022 - 10:46:48 EST

Next message: Hans Verkuil: "[PATCH for 6.1 3/4] v4l2-dv-timings: add sanity checks for blanking values"
Previous message: Hans Verkuil: "[PATCH for 6.1 1/4] vivid: s_fbuf: add more sanity checks"
In reply to: Hans Verkuil: "[PATCH for 6.1 1/4] vivid: s_fbuf: add more sanity checks"
Next in thread: Hans Verkuil: "[PATCH for 6.1 3/4] v4l2-dv-timings: add sanity checks for blanking values"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Whenever the compose width/height values change, the dev->bitmap_cap
vmalloc'ed array must be freed and dev->bitmap_cap set to NULL.

This was done in some places, but not all. This is only an issue if
overlay support is enabled and the bitmap clipping is used.

Signed-off-by: Hans Verkuil <hverkuil-cisco@xxxxxxxxx>
Fixes: ef834f7836ec ([media] vivid: add the video capture and output parts)
---
.../media/test-drivers/vivid/vivid-vid-cap.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/drivers/media/test-drivers/vivid/vivid-vid-cap.c b/drivers/media/test-drivers/vivid/vivid-vid-cap.c
index e3e78b5bd227..d52d24b61d34 100644
--- a/drivers/media/test-drivers/vivid/vivid-vid-cap.c
+++ b/drivers/media/test-drivers/vivid/vivid-vid-cap.c
@@ -453,6 +453,12 @@ void vivid_update_format_cap(struct vivid_dev *dev, bool keep_controls)
tpg_reset_source(&dev->tpg, dev->src_rect.width, dev->src_rect.height, dev->field_cap);
dev->crop_cap = dev->src_rect;
dev->crop_bounds_cap = dev->src_rect;
+ if (dev->bitmap_cap &&
+ (dev->compose_cap.width != dev->crop_cap.width ||
+ dev->compose_cap.height != dev->crop_cap.height)) {
+ vfree(dev->bitmap_cap);
+ dev->bitmap_cap = NULL;
+ }
dev->compose_cap = dev->crop_cap;
if (V4L2_FIELD_HAS_T_OR_B(dev->field_cap))
dev->compose_cap.height /= 2;
@@ -913,6 +919,8 @@ int vivid_vid_cap_s_selection(struct file *file, void *fh, struct v4l2_selection
struct vivid_dev *dev = video_drvdata(file);
struct v4l2_rect *crop = &dev->crop_cap;
struct v4l2_rect *compose = &dev->compose_cap;
+ unsigned orig_compose_w = compose->width;
+ unsigned orig_compose_h = compose->height;
unsigned factor = V4L2_FIELD_HAS_T_OR_B(dev->field_cap) ? 2 : 1;
int ret;

@@ -1029,17 +1037,17 @@ int vivid_vid_cap_s_selection(struct file *file, void *fh, struct v4l2_selection
s->r.height /= factor;
}
v4l2_rect_map_inside(&s->r, &dev->fmt_cap_rect);
- if (dev->bitmap_cap && (compose->width != s->r.width ||
- compose->height != s->r.height)) {
- vfree(dev->bitmap_cap);
- dev->bitmap_cap = NULL;
- }
*compose = s->r;
break;
default:
return -EINVAL;
}

+ if (dev->bitmap_cap && (compose->width != orig_compose_w ||
+ compose->height != orig_compose_h)) {
+ vfree(dev->bitmap_cap);
+ dev->bitmap_cap = NULL;
+ }
tpg_s_crop_compose(&dev->tpg, crop, compose);
return 0;
}
--
2.35.1

Next message: Hans Verkuil: "[PATCH for 6.1 3/4] v4l2-dv-timings: add sanity checks for blanking values"
Previous message: Hans Verkuil: "[PATCH for 6.1 1/4] vivid: s_fbuf: add more sanity checks"
In reply to: Hans Verkuil: "[PATCH for 6.1 1/4] vivid: s_fbuf: add more sanity checks"
Next in thread: Hans Verkuil: "[PATCH for 6.1 3/4] v4l2-dv-timings: add sanity checks for blanking values"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]