Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp3091330rwb;
        Mon, 15 Aug 2022 17:55:01 -0700 (PDT)
X-Google-Smtp-Source: AA6agR6QktyGv1pQqWdJREdZGpzpXVxOfSOJ5j5GD60yM4j9lOQiOqZnwi9j8N6IRAAsIDd3TA4c
X-Received: by 2002:a17:906:7007:b0:6ff:8028:42e with SMTP id n7-20020a170906700700b006ff8028042emr12107171ejj.278.1660611196734;
        Mon, 15 Aug 2022 17:53:16 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1660611196; cv=none;
        d=google.com; s=arc-20160816;
        b=h2/CjV78881ol9lzngqwnoHgk0cbae9/aUSXW3JXZmBDAeS5J47OXBNMtjlapC5wF1
         qQVY0ucXBUVwuFtFrdQlB63SkV4RTOo43lr7OV4XXI4u2PcYea0HDyH9K+n+hNAEgMGy
         D1HJoMBylAHNcAB3mFM09BCrqnQU+WFHnzQemt0zuf4kGawNNWSmtTfLfNQb+g48Q7WX
         QkMYq5+TpKncGCc6Q9CtVaTeykVyhOY1RPG/3sdCSPKo70Jw5pc4ba15GqJQbblpkDMf
         8XE1G73e9PxrxDBWEoGmvnirE7lIoaQ0qqTVwiDbF5c4NOoMpx138DJ2FjOvtzKTGiAL
         oAYw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=zNKh3DFRSPI22hc7WVxNz3cWRY1f0uF7ZNwSfA0tj8s=;
        b=HSminCsTYOrlDL6pco3mNyHxnWZxaV2VkrJy4m7273ReaDly2XX1fx2nl9Iztko2V9
         +Rx4Slb8QP2vS/TNHvSUYjC49II8mo98EodlHS/m+oYiqIGaQRw2eMuEAB8tYZoaZJQS
         27pxB9HJf+OfMwdpQhzu3+WlNsUgiuJ0L5Bd1r5izesp2h6LTsih1tatL/JyEH3cTIgD
         JnMY3deyCkkTF2FHg+cIDAC+8soa/FiBknee2AehqQZnvMUqP5gUdASe2hjNHoiyVnNs
         m+rG/z94mHcYbZYKv4C4+DSUTPhykeQdi8PiJuXOtdsaYgONoH6IUvYI6fZIi3R5e21m
         QCVA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=fI8JR3xQ;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id qw38-20020a1709066a2600b00733067cfd8asi8612142ejc.288.2022.08.15.17.52.51;
        Mon, 15 Aug 2022 17:53:16 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=fI8JR3xQ;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1356236AbiHPACI (ORCPT <rfc822;andrey.bzh.r@gmail.com>
        + 99 others); Mon, 15 Aug 2022 20:02:08 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54680 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1356409AbiHOXyS (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 15 Aug 2022 19:54:18 -0400
Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0042816079A;
        Mon, 15 Aug 2022 13:19:09 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id 91CC0B80EAD;
        Mon, 15 Aug 2022 20:19:07 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id BECE7C433C1;
        Mon, 15 Aug 2022 20:19:05 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1660594746;
        bh=fI3ggYNDRY5ZStkHfiu7AToAPUQW7fzehU9W+hqrCew=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=fI8JR3xQiJqqb+sndGAJBVdyghQWqXxiGShQeKpskgghOP9WBqtOvg0mx9L68spaq
         q+6SWl+iMl1cP4xacpwYlxVZCDf+Ybsfj7Eh+HvNJnewgxlo42E+RWeLZnOk4DIGsg
         ZXtLc041VTM/EXlrfpqc8c5sFko2FIj6f9TQaUCE=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Jernej Skrabec <jernej.skrabec@gmail.com>,
        Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>,
        Hans Verkuil <hverkuil-cisco@xs4all.nl>,
        Mauro Carvalho Chehab <mchehab@kernel.org>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.19 0544/1157] media: cedrus: hevc: Add check for invalid timestamp
Date:   Mon, 15 Aug 2022 19:58:20 +0200
Message-Id: <20220815180501.431843860@linuxfoundation.org>
X-Mailer: git-send-email 2.37.2
In-Reply-To: <20220815180439.416659447@linuxfoundation.org>
References: <20220815180439.416659447@linuxfoundation.org>
User-Agent: quilt/0.67
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Jernej Skrabec <jernej.skrabec@gmail.com>

[ Upstream commit 143201a6435bf65f0115435e9dc6d95c66b908e9 ]

Not all DPB entries will be used most of the time. Unused entries will
thus have invalid timestamps. They will produce negative buffer index
which is not specifically handled. This works just by chance in current
code. It will even produce bogus pointer, but since it's not used, it
won't do any harm.

Let's fix that brittle design by skipping writing DPB entry altogether
if timestamp is invalid.

Fixes: 86caab29da78 ("media: cedrus: Add HEVC/H.265 decoding support")
Signed-off-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Reviewed-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/media/sunxi/cedrus/cedrus_h265.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/staging/media/sunxi/cedrus/cedrus_h265.c b/drivers/staging/media/sunxi/cedrus/cedrus_h265.c
index 2f6404fccd5a..04419381ea56 100644
--- a/drivers/staging/media/sunxi/cedrus/cedrus_h265.c
+++ b/drivers/staging/media/sunxi/cedrus/cedrus_h265.c
@@ -147,6 +147,9 @@ static void cedrus_h265_frame_info_write_dpb(struct cedrus_ctx *ctx,
 			dpb[i].pic_order_cnt_val
 		};
 
+		if (buffer_index < 0)
+			continue;
+
 		cedrus_h265_frame_info_write_single(ctx, i, dpb[i].field_pic,
 						    pic_order_cnt,
 						    buffer_index);
-- 
2.35.1