mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
49 lines
1.6 KiB
Diff
49 lines
1.6 KiB
Diff
From af85054aa6a1bcd38be2354921f2f80aef1440e5 Mon Sep 17 00:00:00 2001
|
|
From: "Pachika, Vikas Reddy" <vpachi@codeaurora.org>
|
|
Date: Fri, 1 Nov 2013 21:06:37 +0530
|
|
Subject: msm: vidc: Validate userspace buffer count
|
|
|
|
Makesure the number of buffers count is less than
|
|
the maximum limit to avoid structure overflow errors.
|
|
|
|
Change-Id: Icf3850de36325637ae43ac95f1c8f0f63e201d31
|
|
CRs-fixed: 563694
|
|
Signed-off-by: Pachika, Vikas Reddy <vpachi@codeaurora.org>
|
|
---
|
|
drivers/video/msm/vidc/common/dec/vdec.c | 6 ++++++
|
|
include/media/msm/vidc_init.h | 1 +
|
|
2 files changed, 7 insertions(+)
|
|
|
|
diff --git a/drivers/video/msm/vidc/common/dec/vdec.c b/drivers/video/msm/vidc/common/dec/vdec.c
|
|
index a843889..b45100f 100644
|
|
--- a/drivers/video/msm/vidc/common/dec/vdec.c
|
|
+++ b/drivers/video/msm/vidc/common/dec/vdec.c
|
|
@@ -1201,6 +1201,12 @@ static u32 vid_dec_set_h264_mv_buffers(struct video_client_ctx *client_ctx,
|
|
vcd_h264_mv_buffer->pmem_fd = mv_data->pmem_fd;
|
|
vcd_h264_mv_buffer->offset = mv_data->offset;
|
|
|
|
+ if (mv_data->count > MAX_MV_BUFFERS) {
|
|
+ ERR("MV buffers maximum count reached, count = %d",
|
|
+ mv_data->count);
|
|
+ return false;
|
|
+ }
|
|
+
|
|
if (!vcd_get_ion_status()) {
|
|
if (get_pmem_file(vcd_h264_mv_buffer->pmem_fd,
|
|
(unsigned long *) (&(vcd_h264_mv_buffer->
|
|
diff --git a/include/media/msm/vidc_init.h b/include/media/msm/vidc_init.h
|
|
index c35f770..5df0c3e 100644
|
|
--- a/include/media/msm/vidc_init.h
|
|
+++ b/include/media/msm/vidc_init.h
|
|
@@ -20,6 +20,7 @@
|
|
#define VIDC_MAX_NUM_CLIENTS 4
|
|
#define MAX_VIDEO_NUM_OF_BUFF 100
|
|
#define MAX_META_BUFFERS 32
|
|
+#define MAX_MV_BUFFERS 32
|
|
|
|
enum buffer_dir {
|
|
BUFFER_TYPE_INPUT,
|
|
--
|
|
cgit v1.1
|
|
|