On Wednesday 01 October 2014 00:42:51 Laurent Pinchart wrote:
> Commit e93e7fd9f5a3fffec7792dbcc4c3574653effda7 ("v4l2: uvcvideo: Allow
> using larger buffers") reworked the buffer size sanity check at buffer
> completion time to use the frame size instead of the allocated buffer
> size. However, it introduced two bugs in doing so:
>
> - it assigned the allocated buffer size to the frame_size field, instead
> of assigning the correct frame size
>
> - it performed the assignment in the S_FMT handler, resulting in the
> frame_size field being uninitialized if the userspace application
> doesn't call S_FMT.
>
> Fix both issues by removing the frame_size field and validating the
> buffer size against the UVC video control dwMaxFrameSize.
>
> Fixes: e93e7fd9f5a3 ("v4l2: uvcvideo: Allow using larger buffers")
> Signed-off-by: Laurent Pinchart <laurent.pinchart@xxxxxxxxxxxxxxxx>
> ---
> drivers/media/usb/uvc/uvc_v4l2.c | 1 -
> drivers/media/usb/uvc/uvc_video.c | 2 +-
> drivers/media/usb/uvc/uvcvideo.h | 1 -
> 3 files changed, 1 insertion(+), 3 deletions(-)
>
> Guennadi, could you please test and ack this ASAP, as the bug needs to be
> fixed for v3.18-rc1 if possible ?
And, while we're at it, are you aware that the uvcvideo driver ignores the
sizeimage field in its S_FMT handler ? :-)
> diff --git a/drivers/media/usb/uvc/uvc_v4l2.c
> b/drivers/media/usb/uvc/uvc_v4l2.c index f205934..f33a067 100644
> --- a/drivers/media/usb/uvc/uvc_v4l2.c
> +++ b/drivers/media/usb/uvc/uvc_v4l2.c
> @@ -318,7 +318,6 @@ static int uvc_v4l2_set_format(struct uvc_streaming
> *stream, stream->ctrl = probe;
> stream->cur_format = format;
> stream->cur_frame = frame;
> - stream->frame_size = fmt->fmt.pix.sizeimage;
>
> done:
> mutex_unlock(&stream->mutex);
> diff --git a/drivers/media/usb/uvc/uvc_video.c
> b/drivers/media/usb/uvc/uvc_video.c index 9ace520..df81b9c 100644
> --- a/drivers/media/usb/uvc/uvc_video.c
> +++ b/drivers/media/usb/uvc/uvc_video.c
> @@ -1143,7 +1143,7 @@ static int uvc_video_encode_data(struct uvc_streaming
> *stream, static void uvc_video_validate_buffer(const struct uvc_streaming
> *stream, struct uvc_buffer *buf)
> {
> - if (stream->frame_size != buf->bytesused &&
> + if (stream->ctrl.dwMaxVideoFrameSize != buf->bytesused &&
> !(stream->cur_format->flags & UVC_FMT_FLAG_COMPRESSED))
> buf->error = 1;
> }
> diff --git a/drivers/media/usb/uvc/uvcvideo.h
> b/drivers/media/usb/uvc/uvcvideo.h index f585c08..897cfd8 100644
> --- a/drivers/media/usb/uvc/uvcvideo.h
> +++ b/drivers/media/usb/uvc/uvcvideo.h
> @@ -458,7 +458,6 @@ struct uvc_streaming {
> struct uvc_format *def_format;
> struct uvc_format *cur_format;
> struct uvc_frame *cur_frame;
> - size_t frame_size;
>
> /* Protect access to ctrl, cur_format, cur_frame and hardware video
> * probe control.
--
Regards,
Laurent Pinchart
--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
