'dma_alloc_coherent()' alloc a 'RKVDEC_VP9_COUNT_SIZE' size area to
'unsigned char *count_tbl', however, the memset() bellow only set
'sizeof(*count_tbl)', which equals to 1, bytes to zero. This can
cause unexpected error.
Fixes: f25709c4ff15 ("media: rkvdec: Add the VP9 backend")
Signed-off-by: Zhang Zekun <[email protected]>
---
drivers/staging/media/rkvdec/rkvdec-vp9.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/media/rkvdec/rkvdec-vp9.c b/drivers/staging/media/rkvdec/rkvdec-vp9.c
index 311a12656072..3ad303a3de48 100644
--- a/drivers/staging/media/rkvdec/rkvdec-vp9.c
+++ b/drivers/staging/media/rkvdec/rkvdec-vp9.c
@@ -1026,7 +1026,7 @@ static int rkvdec_vp9_start(struct rkvdec_ctx *ctx)
vp9_ctx->count_tbl.size = RKVDEC_VP9_COUNT_SIZE;
vp9_ctx->count_tbl.cpu = count_tbl;
- memset(count_tbl, 0, sizeof(*count_tbl));
+ memset(count_tbl, 0, RKVDEC_VP9_COUNT_SIZE);
rkvdec_init_v4l2_vp9_count_tbl(ctx);
return 0;
--
2.17.1
On 2022-06-17 08:31, Zhang Zekun wrote:
> 'dma_alloc_coherent()' alloc a 'RKVDEC_VP9_COUNT_SIZE' size area to
> 'unsigned char *count_tbl', however, the memset() bellow only set
> 'sizeof(*count_tbl)', which equals to 1, bytes to zero. This can
> cause unexpected error.
Have you observed an error in practice? Given that it's been part of the
dma_alloc_coherent() API to return a zeroed buffer for several years now
- see 750afb08ca71 ("cross-tree: phase out dma_zalloc_coherent()") -
this memset shouldn't be needed either way.
Robin.
> Fixes: f25709c4ff15 ("media: rkvdec: Add the VP9 backend")
> Signed-off-by: Zhang Zekun <[email protected]>
> ---
> drivers/staging/media/rkvdec/rkvdec-vp9.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/staging/media/rkvdec/rkvdec-vp9.c b/drivers/staging/media/rkvdec/rkvdec-vp9.c
> index 311a12656072..3ad303a3de48 100644
> --- a/drivers/staging/media/rkvdec/rkvdec-vp9.c
> +++ b/drivers/staging/media/rkvdec/rkvdec-vp9.c
> @@ -1026,7 +1026,7 @@ static int rkvdec_vp9_start(struct rkvdec_ctx *ctx)
>
> vp9_ctx->count_tbl.size = RKVDEC_VP9_COUNT_SIZE;
> vp9_ctx->count_tbl.cpu = count_tbl;
> - memset(count_tbl, 0, sizeof(*count_tbl));
> + memset(count_tbl, 0, RKVDEC_VP9_COUNT_SIZE);
> rkvdec_init_v4l2_vp9_count_tbl(ctx);
>
> return 0;
On Fri, Jun 17, 2022 at 07:31:01AM +0000, Zhang Zekun wrote:
> 'dma_alloc_coherent()' alloc a 'RKVDEC_VP9_COUNT_SIZE' size area to
> 'unsigned char *count_tbl', however, the memset() bellow only set
> 'sizeof(*count_tbl)', which equals to 1, bytes to zero. This can
> cause unexpected error.
>
> Fixes: f25709c4ff15 ("media: rkvdec: Add the VP9 backend")
> Signed-off-by: Zhang Zekun <[email protected]>
> ---
> drivers/staging/media/rkvdec/rkvdec-vp9.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/staging/media/rkvdec/rkvdec-vp9.c b/drivers/staging/media/rkvdec/rkvdec-vp9.c
> index 311a12656072..3ad303a3de48 100644
> --- a/drivers/staging/media/rkvdec/rkvdec-vp9.c
> +++ b/drivers/staging/media/rkvdec/rkvdec-vp9.c
> @@ -1026,7 +1026,7 @@ static int rkvdec_vp9_start(struct rkvdec_ctx *ctx)
>
> vp9_ctx->count_tbl.size = RKVDEC_VP9_COUNT_SIZE;
> vp9_ctx->count_tbl.cpu = count_tbl;
> - memset(count_tbl, 0, sizeof(*count_tbl));
> + memset(count_tbl, 0, RKVDEC_VP9_COUNT_SIZE);
Just delete the memset instead like Robin said. No Fixes tag required
on this one.
regards,
dan carpenter