From: Philipp Zabel Date: Wed, 8 Oct 2014 16:09:27 +0000 (-0300) Subject: [media] coda: drop JPEG buffers not framed by SOI and EOI markers X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=edc16cb1159c03864c74fd0411ec5d0bcce845be;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git [media] coda: drop JPEG buffers not framed by SOI and EOI markers This patch adds a quick check for valid JPEG frames before feeding them into the bitstream buffer: Frames that do not begin with the JPEG start of image marker and end with the end of image marker are dropped. Signed-off-by: Philipp Zabel Signed-off-by: Kamil Debski Signed-off-by: Mauro Carvalho Chehab --- diff --git a/drivers/media/platform/coda/coda-bit.c b/drivers/media/platform/coda/coda-bit.c index 0c67cfd23c16..b4029ae293d3 100644 --- a/drivers/media/platform/coda/coda-bit.c +++ b/drivers/media/platform/coda/coda-bit.c @@ -231,6 +231,16 @@ void coda_fill_bitstream(struct coda_ctx *ctx) src_buf = v4l2_m2m_next_src_buf(ctx->fh.m2m_ctx); + /* Drop frames that do not start/end with a SOI/EOI markers */ + if (ctx->codec->src_fourcc == V4L2_PIX_FMT_JPEG && + !coda_jpeg_check_buffer(ctx, src_buf)) { + v4l2_err(&ctx->dev->v4l2_dev, + "dropping invalid JPEG frame\n"); + src_buf = v4l2_m2m_src_buf_remove(ctx->fh.m2m_ctx); + v4l2_m2m_buf_done(src_buf, VB2_BUF_STATE_ERROR); + continue; + } + /* Buffer start position */ start = ctx->bitstream_fifo.kfifo.in & ctx->bitstream_fifo.kfifo.mask; diff --git a/drivers/media/platform/coda/coda-jpeg.c b/drivers/media/platform/coda/coda-jpeg.c index 967b0159c8b9..8fa3e353f9e2 100644 --- a/drivers/media/platform/coda/coda-jpeg.c +++ b/drivers/media/platform/coda/coda-jpeg.c @@ -14,6 +14,9 @@ #include "coda.h" +#define SOI_MARKER 0xffd8 +#define EOI_MARKER 0xffd9 + /* * Typical Huffman tables for 8-bit precision luminance and * chrominance from JPEG ITU-T.81 (ISO/IEC 10918-1) Annex K.3 @@ -174,6 +177,16 @@ int coda_jpeg_write_tables(struct coda_ctx *ctx) return 0; } +bool coda_jpeg_check_buffer(struct coda_ctx *ctx, struct vb2_buffer *vb) +{ + void *vaddr = vb2_plane_vaddr(vb, 0); + u16 soi = be16_to_cpup((__be16 *)vaddr); + u16 eoi = be16_to_cpup((__be16 *)(vaddr + + vb2_get_plane_payload(vb, 0) - 2)); + + return soi == SOI_MARKER && eoi == EOI_MARKER; +} + /* * Scale quantization table using nonlinear scaling factor * u8 qtab[64], scale [50,190] diff --git a/drivers/media/platform/coda/coda.h b/drivers/media/platform/coda/coda.h index 8dd81a75c2fb..5dd47e5f97c1 100644 --- a/drivers/media/platform/coda/coda.h +++ b/drivers/media/platform/coda/coda.h @@ -293,6 +293,7 @@ void coda_bit_stream_end_flag(struct coda_ctx *ctx); int coda_h264_padding(int size, char *p); +bool coda_jpeg_check_buffer(struct coda_ctx *ctx, struct vb2_buffer *vb); int coda_jpeg_write_tables(struct coda_ctx *ctx); void coda_set_jpeg_compression_quality(struct coda_ctx *ctx, int quality);