Hi Hans,
Thank you for the patch.
On Thu, Feb 21, 2019 at 03:21:44PM +0100, Hans Verkuil wrote:
> When vivid is unloaded it used vfree to free dev->bitmap_out,
> but it was actually allocated using kmalloc. Use vzalloc
> instead, conform what vivid-vid-cap.c does.
>
> Signed-off-by: Hans Verkuil <hverkuil-cisco@xxxxxxxxx>
Reviewed-by: Laurent Pinchart <laurent.pinchart@xxxxxxxxxxxxxxxx>
> ---
> drivers/media/platform/vivid/vivid-vid-out.c | 14 +++++++++-----
> 1 file changed, 9 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/media/platform/vivid/vivid-vid-out.c b/drivers/media/platform/vivid/vivid-vid-out.c
> index e61b91b414f9..9350ca65dd91 100644
> --- a/drivers/media/platform/vivid/vivid-vid-out.c
> +++ b/drivers/media/platform/vivid/vivid-vid-out.c
> @@ -798,7 +798,7 @@ int vivid_vid_out_s_selection(struct file *file, void *fh, struct v4l2_selection
> s->r.height *= factor;
> if (dev->bitmap_out && (compose->width != s->r.width ||
> compose->height != s->r.height)) {
> - kfree(dev->bitmap_out);
> + vfree(dev->bitmap_out);
> dev->bitmap_out = NULL;
> }
> *compose = s->r;
> @@ -941,15 +941,19 @@ int vidioc_s_fmt_vid_out_overlay(struct file *file, void *priv,
> return ret;
>
> if (win->bitmap) {
> - new_bitmap = memdup_user(win->bitmap, bitmap_size);
> + new_bitmap = vzalloc(bitmap_size);
>
> - if (IS_ERR(new_bitmap))
> - return PTR_ERR(new_bitmap);
> + if (!new_bitmap)
> + return -ENOMEM;
> + if (copy_from_user(new_bitmap, win->bitmap, bitmap_size)) {
> + vfree(new_bitmap);
> + return -EFAULT;
> + }
> }
>
> dev->overlay_out_top = win->w.top;
> dev->overlay_out_left = win->w.left;
> - kfree(dev->bitmap_out);
> + vfree(dev->bitmap_out);
> dev->bitmap_out = new_bitmap;
> dev->clipcount_out = win->clipcount;
> if (dev->clipcount_out)
--
Regards,
Laurent Pinchart
