From: Philipp Zabel
Date: Wed, 8 Oct 2014 16:09:27 +0000 (-0300)
Subject: [media] coda: drop JPEG buffers not framed by SOI and EOI markers
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=edc16cb1159c03864c74fd0411ec5d0bcce845be;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git
[media] coda: drop JPEG buffers not framed by SOI and EOI markers
This patch adds a quick check for valid JPEG frames before feeding them into
the bitstream buffer: Frames that do not begin with the JPEG start of image
marker and end with the end of image marker are dropped.
Signed-off-by: Philipp Zabel
Signed-off-by: Kamil Debski
Signed-off-by: Mauro Carvalho Chehab
---
diff --git a/drivers/media/platform/coda/coda-bit.c b/drivers/media/platform/coda/coda-bit.c
index 0c67cfd23c16..b4029ae293d3 100644
--- a/drivers/media/platform/coda/coda-bit.c
+++ b/drivers/media/platform/coda/coda-bit.c
@@ -231,6 +231,16 @@ void coda_fill_bitstream(struct coda_ctx *ctx)
src_buf = v4l2_m2m_next_src_buf(ctx->fh.m2m_ctx);
+ /* Drop frames that do not start/end with a SOI/EOI markers */
+ if (ctx->codec->src_fourcc == V4L2_PIX_FMT_JPEG &&
+ !coda_jpeg_check_buffer(ctx, src_buf)) {
+ v4l2_err(&ctx->dev->v4l2_dev,
+ "dropping invalid JPEG frame\n");
+ src_buf = v4l2_m2m_src_buf_remove(ctx->fh.m2m_ctx);
+ v4l2_m2m_buf_done(src_buf, VB2_BUF_STATE_ERROR);
+ continue;
+ }
+
/* Buffer start position */
start = ctx->bitstream_fifo.kfifo.in &
ctx->bitstream_fifo.kfifo.mask;
diff --git a/drivers/media/platform/coda/coda-jpeg.c b/drivers/media/platform/coda/coda-jpeg.c
index 967b0159c8b9..8fa3e353f9e2 100644
--- a/drivers/media/platform/coda/coda-jpeg.c
+++ b/drivers/media/platform/coda/coda-jpeg.c
@@ -14,6 +14,9 @@
#include "coda.h"
+#define SOI_MARKER 0xffd8
+#define EOI_MARKER 0xffd9
+
/*
* Typical Huffman tables for 8-bit precision luminance and
* chrominance from JPEG ITU-T.81 (ISO/IEC 10918-1) Annex K.3
@@ -174,6 +177,16 @@ int coda_jpeg_write_tables(struct coda_ctx *ctx)
return 0;
}
+bool coda_jpeg_check_buffer(struct coda_ctx *ctx, struct vb2_buffer *vb)
+{
+ void *vaddr = vb2_plane_vaddr(vb, 0);
+ u16 soi = be16_to_cpup((__be16 *)vaddr);
+ u16 eoi = be16_to_cpup((__be16 *)(vaddr +
+ vb2_get_plane_payload(vb, 0) - 2));
+
+ return soi == SOI_MARKER && eoi == EOI_MARKER;
+}
+
/*
* Scale quantization table using nonlinear scaling factor
* u8 qtab[64], scale [50,190]
diff --git a/drivers/media/platform/coda/coda.h b/drivers/media/platform/coda/coda.h
index 8dd81a75c2fb..5dd47e5f97c1 100644
--- a/drivers/media/platform/coda/coda.h
+++ b/drivers/media/platform/coda/coda.h
@@ -293,6 +293,7 @@ void coda_bit_stream_end_flag(struct coda_ctx *ctx);
int coda_h264_padding(int size, char *p);
+bool coda_jpeg_check_buffer(struct coda_ctx *ctx, struct vb2_buffer *vb);
int coda_jpeg_write_tables(struct coda_ctx *ctx);
void coda_set_jpeg_compression_quality(struct coda_ctx *ctx, int quality);