Message ID | 20190221142148.3412-4-hverkuil-cisco@xs4all.nl (mailing list archive) |
---|---|
State | New, archived |
Series | Various core and virtual driver fixes |
Hi Hans, Thank you for the patch. On Thu, Feb 21, 2019 at 03:21:44PM +0100, Hans Verkuil wrote: > When vivid is unloaded it used vfree to free dev->bitmap_out, > but it was actually allocated using kmalloc. Use vzalloc > instead, conform what vivid-vid-cap.c does. > > Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl> Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> > --- > drivers/media/platform/vivid/vivid-vid-out.c | 14 +++++++++----- > 1 file changed, 9 insertions(+), 5 deletions(-) > > diff --git a/drivers/media/platform/vivid/vivid-vid-out.c b/drivers/media/platform/vivid/vivid-vid-out.c > index e61b91b414f9..9350ca65dd91 100644 > --- a/drivers/media/platform/vivid/vivid-vid-out.c > +++ b/drivers/media/platform/vivid/vivid-vid-out.c > @@ -798,7 +798,7 @@ int vivid_vid_out_s_selection(struct file *file, void *fh, struct v4l2_selection > s->r.height *= factor; > if (dev->bitmap_out && (compose->width != s->r.width || > compose->height != s->r.height)) { > - kfree(dev->bitmap_out); > + vfree(dev->bitmap_out); > dev->bitmap_out = NULL; > } > *compose = s->r; > @@ -941,15 +941,19 @@ int vidioc_s_fmt_vid_out_overlay(struct file *file, void *priv, > return ret; > > if (win->bitmap) { > - new_bitmap = memdup_user(win->bitmap, bitmap_size); > + new_bitmap = vzalloc(bitmap_size); > > - if (IS_ERR(new_bitmap)) > - return PTR_ERR(new_bitmap); > + if (!new_bitmap) > + return -ENOMEM; > + if (copy_from_user(new_bitmap, win->bitmap, bitmap_size)) { > + vfree(new_bitmap); > + return -EFAULT; > + } > } > > dev->overlay_out_top = win->w.top; > dev->overlay_out_left = win->w.left; > - kfree(dev->bitmap_out); > + vfree(dev->bitmap_out); > dev->bitmap_out = new_bitmap; > dev->clipcount_out = win->clipcount; > if (dev->clipcount_out)
diff --git a/drivers/media/platform/vivid/vivid-vid-out.c b/drivers/media/platform/vivid/vivid-vid-out.c index e61b91b414f9..9350ca65dd91 100644 --- a/drivers/media/platform/vivid/vivid-vid-out.c +++ b/drivers/media/platform/vivid/vivid-vid-out.c @@ -798,7 +798,7 @@ int vivid_vid_out_s_selection(struct file *file, void *fh, struct v4l2_selection s->r.height *= factor; if (dev->bitmap_out && (compose->width != s->r.width || compose->height != s->r.height)) { - kfree(dev->bitmap_out); + vfree(dev->bitmap_out); dev->bitmap_out = NULL; } *compose = s->r; @@ -941,15 +941,19 @@ int vidioc_s_fmt_vid_out_overlay(struct file *file, void *priv, return ret; if (win->bitmap) { - new_bitmap = memdup_user(win->bitmap, bitmap_size); + new_bitmap = vzalloc(bitmap_size); - if (IS_ERR(new_bitmap)) - return PTR_ERR(new_bitmap); + if (!new_bitmap) + return -ENOMEM; + if (copy_from_user(new_bitmap, win->bitmap, bitmap_size)) { + vfree(new_bitmap); + return -EFAULT; + } } dev->overlay_out_top = win->w.top; dev->overlay_out_left = win->w.left; - kfree(dev->bitmap_out); + vfree(dev->bitmap_out); dev->bitmap_out = new_bitmap; dev->clipcount_out = win->clipcount; if (dev->clipcount_out)
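Review bot: the vfree(dev->bitmap_out) in vivid_vid_out_s_selection is only correct when every allocation of dev->bitmap_out comes from the vmalloc family, which this patch arranges in vidioc_s_fmt_vid_out_overlay, so the two hunks must stay together and must not be backported separately. The commit message describes a kmalloc/vfree mismatch at unload but carries no Fixes: tag; adding one would make it easier for stable maintainers to pick this up.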
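Review bot: in vidioc_s_fmt_vid_out_overlay, vzalloc(bitmap_size) zeroes a buffer that copy_from_user() then overwrites in full on success and that is freed on the -EFAULT path, so plain vmalloc(bitmap_size) would be enough. bitmap_size is computed outside the visible lines; since the vmalloc family accepts much larger requests than kmalloc, it is worth confirming that the size is bounded by the already validated window dimensions before it reaches this allocation.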
When vivid is unloaded it used vfree to free dev->bitmap_out,
but it was actually allocated using kmalloc. Use vzalloc
instead, conform what vivid-vid-cap.c does.

Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
---
 drivers/media/platform/vivid/vivid-vid-out.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)