From c601f53f8fe5aab4d8b506104d0fd0a7b6a19922 Mon Sep 17 00:00:00 2001 From: Laurent Pinchart Date: Tue, 30 Sep 2014 18:28:42 -0300 Subject: [PATCH] [media] v4l: uvcvideo: Fix buffer completion size check Commit e93e7fd9f5a3fffec7792dbcc4c3574653effda7 ("v4l2: uvcvideo: Allow using larger buffers") reworked the buffer size sanity check at buffer completion time to use the frame size instead of the allocated buffer size. However, it introduced two bugs in doing so: - it assigned the allocated buffer size to the frame_size field, instead of assigning the correct frame size - it performed the assignment in the S_FMT handler, resulting in the frame_size field being uninitialized if the userspace application doesn't call S_FMT. Fix both issues by removing the frame_size field and validating the buffer size against the UVC video control dwMaxFrameSize. Fixes: e93e7fd9f5a3 ("v4l2: uvcvideo: Allow using larger buffers") Signed-off-by: Laurent Pinchart Signed-off-by: Mauro Carvalho Chehab --- drivers/media/usb/uvc/uvc_v4l2.c | 1 - drivers/media/usb/uvc/uvc_video.c | 2 +- drivers/media/usb/uvc/uvcvideo.h | 1 - 3 files changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/media/usb/uvc/uvc_v4l2.c b/drivers/media/usb/uvc/uvc_v4l2.c index 60a8e2c3631e..378ae02e593b 100644 --- a/drivers/media/usb/uvc/uvc_v4l2.c +++ b/drivers/media/usb/uvc/uvc_v4l2.c @@ -318,7 +318,6 @@ static int uvc_v4l2_set_format(struct uvc_streaming *stream, stream->ctrl = probe; stream->cur_format = format; stream->cur_frame = frame; - stream->frame_size = fmt->fmt.pix.sizeimage; done: mutex_unlock(&stream->mutex); diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c index 9ace520bb079..df81b9c4faf1 100644 --- a/drivers/media/usb/uvc/uvc_video.c +++ b/drivers/media/usb/uvc/uvc_video.c @@ -1143,7 +1143,7 @@ static int uvc_video_encode_data(struct uvc_streaming *stream, static void uvc_video_validate_buffer(const struct uvc_streaming *stream, struct uvc_buffer *buf) { - if (stream->frame_size != buf->bytesused && + if (stream->ctrl.dwMaxVideoFrameSize != buf->bytesused && !(stream->cur_format->flags & UVC_FMT_FLAG_COMPRESSED)) buf->error = 1; } diff --git a/drivers/media/usb/uvc/uvcvideo.h b/drivers/media/usb/uvc/uvcvideo.h index 6f676c29ec09..864ada740360 100644 --- a/drivers/media/usb/uvc/uvcvideo.h +++ b/drivers/media/usb/uvc/uvcvideo.h @@ -457,7 +457,6 @@ struct uvc_streaming { struct uvc_format *def_format; struct uvc_format *cur_format; struct uvc_frame *cur_frame; - size_t frame_size; /* Protect access to ctrl, cur_format, cur_frame and hardware video * probe control. -- 2.20.1