Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp2868951rwb;
        Mon, 15 Aug 2022 12:59:46 -0700 (PDT)
X-Google-Smtp-Source: AA6agR6KcL9ynjIk1rhMTDkMOl8Q2r3+30inej5r8ByWTAugtM6DLdzfmgSrY2bK6bNtAlJKmNKh
X-Received: by 2002:a05:6402:27ca:b0:43e:ce64:ca07 with SMTP id c10-20020a05640227ca00b0043ece64ca07mr16425001ede.66.1660593586192;
        Mon, 15 Aug 2022 12:59:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1660593586; cv=none;
        d=google.com; s=arc-20160816;
        b=0SvSGinHDbl31auEiTdHKd3DdSNlLLajzR1d1uyJfu2SVQ1VOJmV36hz6Q7b8SigRT
         Z0mBDEDHcwGY3CSY62v9IqamW/V4LyzBqE0LNzayBZEgNHfpP8VLXQCYOfgf1sIyTP7S
         yftyLT3BryvPpFpobBVMCkdf8DoAH/hTsQWKzQA7AWtBCvlmEnHG62UJQ6MzYyyMCZQS
         qlzb+Hetmq2KwHzHBZppt9Q0fTHS7Br2zykyTcnaruKeY2ZV89unquHoXMy9iuSuPq5v
         1CqMoKukdDGQmY2pJfRT+Dmbl5mD5LuF/Z5EfHV1eggtindakouJzdx4SfMfjr2EAdW+
         0/Nw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=/JBGhn5Cntwj47hb43Y2OtsnyzHznOR9pOSufFk/Td0=;
        b=BEkvPhSJ9+wU2fmPo18GaiCoQlw1GciZpa86U7AjOldb7belRNwlt93i6MsnP6Yg+v
         ZYT7G5O5KpmsKPSTcFekoh8+/NGMoSjDlbkBUWG1vyyA/zAWVqs8iU0eMBeJ6uIqMwAj
         nOpAPzI8VnSGanB7NwetMS2hvN5DVacstCVMjEOshYvaczjeU2EBwO7Odsw2sDnRzw7X
         EHJhfD2B+sxB+4ASwCln6c7hQDv3BHS0HkRGmRow9ZSatgkMGzminCXpnqhWHhCAmZq0
         uaKoGz5dyocnoGMqGmn8lnVB4+d3w4hpwziosh2ZwcGrQEwjcXMnMtsHSMmfoApT1vCW
         ETGg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=jSE6Z5EO;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id dt20-20020a170907729400b00734bc2f6bb1si9455756ejc.801.2022.08.15.12.59.11;
        Mon, 15 Aug 2022 12:59:46 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=jSE6Z5EO;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S242521AbiHOTCl (ORCPT <rfc822;andrey.bzh.r@gmail.com>
        + 99 others); Mon, 15 Aug 2022 15:02:41 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48712 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S245219AbiHOS5C (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 15 Aug 2022 14:57:02 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1DC8148EB6;
        Mon, 15 Aug 2022 11:32:06 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id B14BA61070;
        Mon, 15 Aug 2022 18:32:05 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9C4C0C433C1;
        Mon, 15 Aug 2022 18:32:04 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1660588325;
        bh=IHCGDqu5bwcqLCvp1VkhijS+mn/FWgB8orbf0bZ0ZjI=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=jSE6Z5EOcnIeGUGXe9FdvbKsvqM8OM09FQ2PTIsPrH0oKfvw08ysDzy7rT+4Zpiy+
         VcjdjDwcCjGBV0gV3R96KbH72V+7bb7oGFkIE9y1CwlzJCvxncZrf79OlUEjZnJHGN
         tWk6mZRmeL6XoBkmM5O7ikKd/++36i80ggBsXodk=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Jernej Skrabec <jernej.skrabec@gmail.com>,
        Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>,
        Hans Verkuil <hverkuil-cisco@xs4all.nl>,
        Mauro Carvalho Chehab <mchehab@kernel.org>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.15 367/779] media: cedrus: hevc: Add check for invalid timestamp
Date:   Mon, 15 Aug 2022 20:00:11 +0200
Message-Id: <20220815180352.941967383@linuxfoundation.org>
X-Mailer: git-send-email 2.37.2
In-Reply-To: <20220815180337.130757997@linuxfoundation.org>
References: <20220815180337.130757997@linuxfoundation.org>
User-Agent: quilt/0.67
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Jernej Skrabec <jernej.skrabec@gmail.com>

[ Upstream commit 143201a6435bf65f0115435e9dc6d95c66b908e9 ]

Not all DPB entries will be used most of the time. Unused entries will
thus have invalid timestamps. They will produce negative buffer index
which is not specifically handled. This works just by chance in current
code. It will even produce bogus pointer, but since it's not used, it
won't do any harm.

Let's fix that brittle design by skipping writing DPB entry altogether
if timestamp is invalid.

Fixes: 86caab29da78 ("media: cedrus: Add HEVC/H.265 decoding support")
Signed-off-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Reviewed-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/media/sunxi/cedrus/cedrus_h265.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/staging/media/sunxi/cedrus/cedrus_h265.c b/drivers/staging/media/sunxi/cedrus/cedrus_h265.c
index f2cec43fd1f0..830cae03fc6e 100644
--- a/drivers/staging/media/sunxi/cedrus/cedrus_h265.c
+++ b/drivers/staging/media/sunxi/cedrus/cedrus_h265.c
@@ -147,6 +147,9 @@ static void cedrus_h265_frame_info_write_dpb(struct cedrus_ctx *ctx,
 			dpb[i].pic_order_cnt[1]
 		};
 
+		if (buffer_index < 0)
+			continue;
+
 		cedrus_h265_frame_info_write_single(ctx, i, dpb[i].field_pic,
 						    pic_order_cnt,
 						    buffer_index);
-- 
2.35.1