Hi,

Is there a workaround for this bug without upgrading to the 3.16 kernel?
Is it safe to manually set the length to be data_offset + size + 1 to make sure
planes[plane].length is greater than planes[plane].data_offset + q->plane_sizes[plane]?

Thank you.

On Wed, Apr 23, 2014 at 12:24 AM, Hans Verkuil <hverkuil@xxxxxxxxx> wrote:
> On 04/23/2014 02:18 AM, n179911 wrote:
>> In __qbuf_dmabuf(), it checks the length and size of the buffer being
>> queued, like this:
>> http://lxr.free-electrons.com/source/drivers/media/v4l2-core/videobuf2-core.c#L1158
>>
>> My question is why the range check is like this:
>>
>> 1158         if (planes[plane].length < planes[plane].data_offset +
>> 1159                 q->plane_sizes[plane]) {
>
> It's a bug. It should be:
>
>         if (planes[plane].length < q->plane_sizes[plane]) {
>
> This has been fixed in our upstream code and will appear in 3.16.
>
> Regards,
>
>         Hans
>
>> .....
>>
>> Isn't planes[plane].length + planes[plane].data_offset equal to
>> q->plane_sizes[plane]?
>>
>> So the check should be?
>> if (planes[plane].length < q->plane_sizes[plane] - planes[plane].data_offset)
>>
>> Please tell me what I am missing.
>>
>> Thank you
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-media" in
>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
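
The check quoted at lines 1158-1159 and the corrected check from the reply, evaluated side by side on constructed buffer sizes (an added example, not part of the original messages or the kernel source). `struct plane_model`, the function names, the 32-bit field widths and the sample values are assumptions made for illustration; "reject" means the condition is true and the buffer would be refused.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the two per-plane fields the check reads.
 * Assumption: both are 32-bit unsigned; this is not the kernel's struct. */
struct plane_model {
    uint32_t length;       /* planes[plane].length */
    uint32_t data_offset;  /* planes[plane].data_offset */
};

/* Check as quoted at lines 1158-1159: true means the buffer is rejected. */
static bool rejects_quoted(struct plane_model p, uint32_t plane_size)
{
    return p.length < p.data_offset + plane_size;
}

/* Check as given in the reply ("It should be"). */
static bool rejects_fixed(struct plane_model p, uint32_t plane_size)
{
    return p.length < plane_size;
}

/* Length value asked about in the follow-up: data_offset + size + 1. */
static uint32_t followup_length(uint32_t data_offset, uint32_t plane_size)
{
    return data_offset + plane_size + 1;
}

int main(void)
{
    const uint32_t size = 4096; /* constructed q->plane_sizes[plane] */
    const struct plane_model cases[] = {
        { 4096, 0 },                        /* exact fit, no offset */
        { 4096, 64 },                       /* exact fit, offset set */
        { followup_length(64, size), 64 },  /* length from the follow-up */
        { 2048, 0 },                        /* smaller than the plane size */
    };

    printf("%8s %8s %8s %8s\n", "length", "offset", "quoted", "fixed");
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%8u %8u %8s %8s\n", (unsigned)cases[i].length,
               (unsigned)cases[i].data_offset,
               rejects_quoted(cases[i], size) ? "reject" : "accept",
               rejects_fixed(cases[i], size) ? "reject" : "accept");
    return 0;
}
```

The second row is the case the two checks disagree on: a buffer exactly as large as the plane size with a non-zero data_offset.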