| Message ID | 20211108193933.20369-3-dafna.hirschfeld@collabora.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | media: videobuf2: make sure bytesused is smaller than the buffer size | expand |
On 08/11/2021 20:39, Dafna Hirschfeld wrote: > In function vb2_set_plane_payload, report if the > given bytesused is bigger than the buffer size. > > Signed-off-by: Dafna Hirschfeld <dafna.hirschfeld@collabora.com> > --- > include/media/videobuf2-core.h | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/include/media/videobuf2-core.h b/include/media/videobuf2-core.h > index 2467284e5f26..ffaa1f3361c3 100644 > --- a/include/media/videobuf2-core.h > +++ b/include/media/videobuf2-core.h > @@ -1155,8 +1155,10 @@ static inline void *vb2_get_drv_priv(struct vb2_queue *q) > static inline void vb2_set_plane_payload(struct vb2_buffer *vb, > unsigned int plane_no, unsigned long size) > { > - if (plane_no < vb->num_planes) > + if (plane_no < vb->num_planes) { > + WARN_ON(size > vb->planes[plane_no].length); I would change this to: /* * size must never be larger than the buffer length, so * warn and clamp to the buffer length if that's the case. */ if (WARN_ON(size > vb->planes[plane_no].length)) size = vb->planes[plane_no].length; Regards, Hans > vb->planes[plane_no].bytesused = size; > + } > } > > /** >
On Wed, Nov 10, 2021 at 09:58:02AM +0100, Hans Verkuil wrote: > On 08/11/2021 20:39, Dafna Hirschfeld wrote: > > In function vb2_set_plane_payload, report if the > > given bytesused is bigger than the buffer size. > > > > Signed-off-by: Dafna Hirschfeld <dafna.hirschfeld@collabora.com> > > --- > > include/media/videobuf2-core.h | 4 +++- > > 1 file changed, 3 insertions(+), 1 deletion(-) > > > > diff --git a/include/media/videobuf2-core.h b/include/media/videobuf2-core.h > > index 2467284e5f26..ffaa1f3361c3 100644 > > --- a/include/media/videobuf2-core.h > > +++ b/include/media/videobuf2-core.h > > @@ -1155,8 +1155,10 @@ static inline void *vb2_get_drv_priv(struct vb2_queue *q) > > static inline void vb2_set_plane_payload(struct vb2_buffer *vb, > > unsigned int plane_no, unsigned long size) > > { > > - if (plane_no < vb->num_planes) > > + if (plane_no < vb->num_planes) { > > + WARN_ON(size > vb->planes[plane_no].length); > > I would change this to: > > /* > * size must never be larger than the buffer length, so > * warn and clamp to the buffer length if that's the case. > */ > if (WARN_ON(size > vb->planes[plane_no].length)) > size = vb->planes[plane_no].length; Should this also be a WARN_ON_ONCE() ? If it occurs once there's a large risk it will occur very frequently, and flood the kernel log. > > vb->planes[plane_no].bytesused = size; > > + } > > } > > > > /**
On 10/11/2021 15:49, Laurent Pinchart wrote: > On Wed, Nov 10, 2021 at 09:58:02AM +0100, Hans Verkuil wrote: >> On 08/11/2021 20:39, Dafna Hirschfeld wrote: >>> In function vb2_set_plane_payload, report if the >>> given bytesused is bigger than the buffer size. >>> >>> Signed-off-by: Dafna Hirschfeld <dafna.hirschfeld@collabora.com> >>> --- >>> include/media/videobuf2-core.h | 4 +++- >>> 1 file changed, 3 insertions(+), 1 deletion(-) >>> >>> diff --git a/include/media/videobuf2-core.h b/include/media/videobuf2-core.h >>> index 2467284e5f26..ffaa1f3361c3 100644 >>> --- a/include/media/videobuf2-core.h >>> +++ b/include/media/videobuf2-core.h >>> @@ -1155,8 +1155,10 @@ static inline void *vb2_get_drv_priv(struct vb2_queue *q) >>> static inline void vb2_set_plane_payload(struct vb2_buffer *vb, >>> unsigned int plane_no, unsigned long size) >>> { >>> - if (plane_no < vb->num_planes) >>> + if (plane_no < vb->num_planes) { >>> + WARN_ON(size > vb->planes[plane_no].length); >> >> I would change this to: >> >> /* >> * size must never be larger than the buffer length, so >> * warn and clamp to the buffer length if that's the case. >> */ >> if (WARN_ON(size > vb->planes[plane_no].length)) >> size = vb->planes[plane_no].length; > > Should this also be a WARN_ON_ONCE() ? If it occurs once there's a large > risk it will occur very frequently, and flood the kernel log. Good point. I agree with that. Regards, Hans > >>> vb->planes[plane_no].bytesused = size; >>> + } >>> } >>> >>> /** >
diff --git a/include/media/videobuf2-core.h b/include/media/videobuf2-core.h index 2467284e5f26..ffaa1f3361c3 100644 --- a/include/media/videobuf2-core.h +++ b/include/media/videobuf2-core.h @@ -1155,8 +1155,10 @@ static inline void *vb2_get_drv_priv(struct vb2_queue *q) static inline void vb2_set_plane_payload(struct vb2_buffer *vb, unsigned int plane_no, unsigned long size) { - if (plane_no < vb->num_planes) + if (plane_no < vb->num_planes) { + WARN_ON(size > vb->planes[plane_no].length); vb->planes[plane_no].bytesused = size; + } } /**
In function vb2_set_plane_payload, report if the given bytesused is bigger than the buffer size. Signed-off-by: Dafna Hirschfeld <dafna.hirschfeld@collabora.com> --- include/media/videobuf2-core.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)