Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

This project is archived. Its data is read-only.

Commit 4095e258 authored Apr 26, 2014 by Vikash Garodia

msm: vidc: define max profile level count



Existing code allocates single element array for the
supported profile level. When the supported profile and
level count increases, video drives writes on a memory
which was not allocated for this purpose. In the process,
memory corruption is observed leading to kernel panic.

Define a macro for max profile level count and avoid
updating the local stack object when venus FW sends
profile level count greater than max profile level
count

Change-Id: I2f554cdcf5f5dc505c088a006adcce1db9c98b54
CRs-Fixed: 652233
Signed-off-by: Vikash Garodia <vgarodia@codeaurora.org>

parent d167001f

drivers/media/platform/msm/vidc/hfi_response_handler.c

+5 −0

Original line number	Diff line number	Diff line
		@@ -582,6 +582,11 @@ enum vidc_status hfi_process_sess_init_done_prop_read(
		dprintk(VIDC_DBG, "prop->profile_count: %d\n",
		prop->profile_count);
		prop_count = prop->profile_count;
		if (prop_count > MAX_PROFILE_COUNT) {
		prop_count = MAX_PROFILE_COUNT;
		dprintk(VIDC_WARN,
		"prop count exceeds max profile count\n");
		}
		while (prop_count) {
		ptr++;
		prop_level = (struct hfi_profile_level *) ptr;

drivers/media/platform/msm/vidc/vidc_hfi_api.h

+2 −1

Original line number	Diff line number	Diff line
		@@ -57,6 +57,7 @@
		#define HAL_DEBUG_MSG_HIGH 0x00000004
		#define HAL_DEBUG_MSG_ERROR 0x00000008
		#define HAL_DEBUG_MSG_FATAL 0x00000010
		#define MAX_PROFILE_COUNT 16

		enum vidc_status {
		VIDC_ERR_NONE = 0x0,
		@@ -578,7 +579,7 @@ struct hal_profile_level {

		struct hal_profile_level_supported {
		u32 profile_count;
		struct hal_profile_level profile_level[1];
		struct hal_profile_level profile_level[MAX_PROFILE_COUNT];
		};

		enum hal_h264_entropy {