iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d55c3ee6b4
linux/drivers/media/common/videobuf2
History
Hans de Goede d55c3ee6b4 media: videobuf2-dma-sg: Fix buf->vb NULL pointer dereference 
Commit a4b83deb3e ("media: videobuf2: rework vb2_mem_ops API")
added a new vb member to struct vb2_dma_sg_buf, but it only added
code setting this to the vb2_dma_sg_alloc() function and not to the
vb2_dma_sg_get_userptr() and vb2_dma_sg_attach_dmabuf() which also
create vb2_dma_sg_buf objects.

This is causing a crash due to a NULL pointer deref when using
libcamera on devices with an Intel IPU3 (qcam app).

Fix these crashes by assigning buf->vb in the other 2 functions too,
note libcamera tests the vb2_dma_sg_get_userptr() path, the change
to the vb2_dma_sg_attach_dmabuf() path is untested.

Fixes: a4b83deb3e ("media: videobuf2: rework vb2_mem_ops API")
Cc: Sergey Senozhatsky <senozhatsky@chromium.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
2021-11-10 11:38:48 +00:00
..
frame_vector.c media: videobuf2: use vma_lookup() in get_vaddr_frames() 2021-06-29 10:53:51 -07:00
Kconfig media: videobuf2: Move frame_vector into media subsystem 2021-01-12 14:15:31 +01:00
Makefile media: videobuf2: Move frame_vector into media subsystem 2021-01-12 14:15:31 +01:00
vb2-trace.c media: videobuf2: fix build issues with vb2-trace 2018-02-23 05:13:53 -05:00
videobuf2-core.c media: videobuf2: handle V4L2_MEMORY_FLAG_NON_COHERENT flag 2021-09-30 10:07:57 +02:00
videobuf2-dma-contig.c media: videobuf2: always set buffer vb2 pointer 2021-10-19 08:08:38 +01:00
videobuf2-dma-sg.c media: videobuf2-dma-sg: Fix buf->vb NULL pointer dereference 2021-11-10 11:38:48 +00:00
videobuf2-dvb.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
videobuf2-memops.c mm/frame-vector: Use FOLL_LONGTERM 2021-01-12 14:15:17 +01:00
videobuf2-v4l2.c media: videobuf2: handle V4L2_MEMORY_FLAG_NON_COHERENT flag 2021-09-30 10:07:57 +02:00
videobuf2-vmalloc.c media: videobuf2: rework vb2_mem_ops API 2021-09-30 10:07:56 +02:00