Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp2868951rwb; Mon, 15 Aug 2022 12:59:46 -0700 (PDT) X-Google-Smtp-Source: AA6agR6KcL9ynjIk1rhMTDkMOl8Q2r3+30inej5r8ByWTAugtM6DLdzfmgSrY2bK6bNtAlJKmNKh X-Received: by 2002:a05:6402:27ca:b0:43e:ce64:ca07 with SMTP id c10-20020a05640227ca00b0043ece64ca07mr16425001ede.66.1660593586192; Mon, 15 Aug 2022 12:59:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1660593586; cv=none; d=google.com; s=arc-20160816; b=0SvSGinHDbl31auEiTdHKd3DdSNlLLajzR1d1uyJfu2SVQ1VOJmV36hz6Q7b8SigRT Z0mBDEDHcwGY3CSY62v9IqamW/V4LyzBqE0LNzayBZEgNHfpP8VLXQCYOfgf1sIyTP7S yftyLT3BryvPpFpobBVMCkdf8DoAH/hTsQWKzQA7AWtBCvlmEnHG62UJQ6MzYyyMCZQS qlzb+Hetmq2KwHzHBZppt9Q0fTHS7Br2zykyTcnaruKeY2ZV89unquHoXMy9iuSuPq5v 1CqMoKukdDGQmY2pJfRT+Dmbl5mD5LuF/Z5EfHV1eggtindakouJzdx4SfMfjr2EAdW+ 0/Nw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=/JBGhn5Cntwj47hb43Y2OtsnyzHznOR9pOSufFk/Td0=; b=BEkvPhSJ9+wU2fmPo18GaiCoQlw1GciZpa86U7AjOldb7belRNwlt93i6MsnP6Yg+v ZYT7G5O5KpmsKPSTcFekoh8+/NGMoSjDlbkBUWG1vyyA/zAWVqs8iU0eMBeJ6uIqMwAj nOpAPzI8VnSGanB7NwetMS2hvN5DVacstCVMjEOshYvaczjeU2EBwO7Odsw2sDnRzw7X EHJhfD2B+sxB+4ASwCln6c7hQDv3BHS0HkRGmRow9ZSatgkMGzminCXpnqhWHhCAmZq0 uaKoGz5dyocnoGMqGmn8lnVB4+d3w4hpwziosh2ZwcGrQEwjcXMnMtsHSMmfoApT1vCW ETGg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=jSE6Z5EO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id dt20-20020a170907729400b00734bc2f6bb1si9455756ejc.801.2022.08.15.12.59.11; Mon, 15 Aug 2022 12:59:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=jSE6Z5EO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242521AbiHOTCl (ORCPT + 99 others); Mon, 15 Aug 2022 15:02:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48712 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S245219AbiHOS5C (ORCPT ); Mon, 15 Aug 2022 14:57:02 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1DC8148EB6; Mon, 15 Aug 2022 11:32:06 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id B14BA61070; Mon, 15 Aug 2022 18:32:05 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9C4C0C433C1; Mon, 15 Aug 2022 18:32:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1660588325; bh=IHCGDqu5bwcqLCvp1VkhijS+mn/FWgB8orbf0bZ0ZjI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=jSE6Z5EOcnIeGUGXe9FdvbKsvqM8OM09FQ2PTIsPrH0oKfvw08ysDzy7rT+4Zpiy+ VcjdjDwcCjGBV0gV3R96KbH72V+7bb7oGFkIE9y1CwlzJCvxncZrf79OlUEjZnJHGN tWk6mZRmeL6XoBkmM5O7ikKd/++36i80ggBsXodk= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jernej Skrabec , Ezequiel Garcia , Hans Verkuil , Mauro Carvalho Chehab , Sasha Levin Subject: [PATCH 5.15 367/779] media: cedrus: hevc: Add check for invalid timestamp Date: Mon, 15 Aug 2022 20:00:11 +0200 Message-Id: <20220815180352.941967383@linuxfoundation.org> X-Mailer: git-send-email 2.37.2 In-Reply-To: <20220815180337.130757997@linuxfoundation.org> References: <20220815180337.130757997@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jernej Skrabec [ Upstream commit 143201a6435bf65f0115435e9dc6d95c66b908e9 ] Not all DPB entries will be used most of the time. Unused entries will thus have invalid timestamps. They will produce negative buffer index which is not specifically handled. This works just by chance in current code. It will even produce bogus pointer, but since it's not used, it won't do any harm. Let's fix that brittle design by skipping writing DPB entry altogether if timestamp is invalid. Fixes: 86caab29da78 ("media: cedrus: Add HEVC/H.265 decoding support") Signed-off-by: Jernej Skrabec Reviewed-by: Ezequiel Garcia Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Sasha Levin --- drivers/staging/media/sunxi/cedrus/cedrus_h265.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/staging/media/sunxi/cedrus/cedrus_h265.c b/drivers/staging/media/sunxi/cedrus/cedrus_h265.c index f2cec43fd1f0..830cae03fc6e 100644 --- a/drivers/staging/media/sunxi/cedrus/cedrus_h265.c +++ b/drivers/staging/media/sunxi/cedrus/cedrus_h265.c @@ -147,6 +147,9 @@ static void cedrus_h265_frame_info_write_dpb(struct cedrus_ctx *ctx, dpb[i].pic_order_cnt[1] }; + if (buffer_index < 0) + continue; + cedrus_h265_frame_info_write_single(ctx, i, dpb[i].field_pic, pic_order_cnt, buffer_index); -- 2.35.1