media: vb2: verify data_offset only if nonzero bytesused
authorNikhil Devshatwar <nikhil.nd@ti.com>
Thu, 19 Jun 2014 09:56:37 +0000 (15:26 +0530)
committerAnand Balagopalakrishnan <anandb@ti.com>
Mon, 15 Jun 2015 08:06:00 +0000 (13:36 +0530)
verify_planes would fail if the user space fills up the data_offset field
and bytesused is left as zero. Correct this.
When comparing data_offset > bytesused, bypass the check if the
bytesused field is set to zero.

Change-Id: I4c63bc03f6d455ce00a56d63df08c624579bc831
Signed-off-by: Nikhil Devshatwar <nikhil.nd@ti.com>
drivers/media/v4l2-core/videobuf2-core.c

index 1a59e26cfc7871ae1e136c46216ce025778dbe2a..13f68b7ef5436edfd78544f6002c6d2e9751276b 100644 (file)
@@ -394,12 +394,9 @@ static int __verify_length(struct vb2_buffer *vb, const struct v4l2_buffer *b)
                               ? b->m.planes[plane].length
                               : vb->v4l2_planes[plane].length;
 
-                       if (b->m.planes[plane].bytesused > length)
-                               return -EINVAL;
-
-                       if (b->m.planes[plane].data_offset > 0 &&
-                           b->m.planes[plane].data_offset >=
-                           b->m.planes[plane].bytesused)
+                       if (b->m.planes[plane].bytesused > 0 &&
+                           b->m.planes[plane].data_offset +
+                           b->m.planes[plane].bytesused > length)
                                return -EINVAL;
                }
        } else {