On 04/23/2014 02:18 AM, n179911 wrote:
> In __qbuf_dmabuf(), it checks the length and size of the buffer being
> queued, like this:
> http://lxr.free-electrons.com/source/drivers/media/v4l2-core/videobuf2-core.c#L1158
>
> My question is why the range check is like this:
>
> 1158 if (planes[plane].length < planes[plane].data_offset +
> 1159     q->plane_sizes[plane]) {

It's a bug. It should be:

    if (planes[plane].length < q->plane_sizes[plane]) {

This has been fixed in our upstream code and will appear in 3.16.

Regards,

    Hans

> .....
>
> Isn't planes[plane].length + planes[plane].data_offset equal to
> q->plane_sizes[plane]?
>
> So the check should be?
> if (planes[plane].length < q->plane_sizes[plane] - planes[plane].data_offset)
>
> Please tell me what am I missing?
>
> Thank you

--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
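The three comparisons discussed in this thread, side by side, as an added example that is not part of the original messages or of the kernel source. It is a user-space model: the struct, the helper names, the 32-bit unsigned field types and all sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model; the field comments map to the names used in the thread. */
struct plane_model {
    uint32_t length;      /* planes[plane].length */
    uint32_t data_offset; /* planes[plane].data_offset */
    uint32_t plane_size;  /* q->plane_sizes[plane] */
};

/* Each helper returns 1 when its check would reject the buffer. */
static int rejects_original(const struct plane_model *p)  /* check quoted in the question */
{
    return p->length < (uint32_t)(p->data_offset + p->plane_size);
}

static int rejects_fixed(const struct plane_model *p)     /* check given in the reply */
{
    return p->length < p->plane_size;
}

static int rejects_proposed(const struct plane_model *p)  /* alternative asked about */
{
    return p->length < (uint32_t)(p->plane_size - p->data_offset);
}

/* Bit 0: original rejects, bit 1: fixed rejects, bit 2: proposed rejects. */
static unsigned verdicts(uint32_t length, uint32_t data_offset, uint32_t plane_size)
{
    struct plane_model p = { length, data_offset, plane_size };
    return (unsigned)rejects_original(&p)
         | ((unsigned)rejects_fixed(&p) << 1)
         | ((unsigned)rejects_proposed(&p) << 2);
}

int main(void)
{
    /* Constructed sample values: {length, data_offset, plane_size}. */
    static const struct plane_model cases[] = {
        { 4096, 0,           4096 }, /* exact fit, no offset */
        { 4096, 128,         4096 }, /* large enough, non-zero offset */
        { 4000, 128,         4096 }, /* shorter than the plane size */
        { 3840, 0xFFFFFF00u, 4096 }, /* offset large enough to wrap the 32-bit sum */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("len=%u off=%u size=%u -> verdict bits 0x%x\n",
               (unsigned)cases[i].length, (unsigned)cases[i].data_offset,
               (unsigned)cases[i].plane_size,
               verdicts(cases[i].length, cases[i].data_offset, cases[i].plane_size));
    return 0;
}
```

In this model only the comparison from the reply rejects exactly the buffers whose length is below the plane size; the other two either reject a large-enough buffer or accept a short one once data_offset is non-zero.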