Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp1862060rwb; Fri, 19 Aug 2022 10:36:54 -0700 (PDT) X-Google-Smtp-Source: AA6agR7ZeTpRjFQ3AdEe26iFxfZEVtmK2izB0RPqWcB7z/1oDgp3Nbag4GcLXJKnyUc8Vf0g8OnC X-Received: by 2002:a17:90a:bf05:b0:1fa:d8f9:5402 with SMTP id c5-20020a17090abf0500b001fad8f95402mr6716174pjs.197.1660930614073; Fri, 19 Aug 2022 10:36:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1660930614; cv=none; d=google.com; s=arc-20160816; b=0LEcIb7tOnoww3TnXjs19UOfuR0g/gscKNF2EUQ4bJJYd0B2VogqtGpyPLuHqwzwja 3a+PD+NqfKGm1O1C9ILRSIEKc6SYKeo/3Oo4toPknRVaSI/5PRwNy+jMEU9fLcVQy82r jQ08VIStq3qrLH3nEZLfyfYnD41c6Tx1tdDFw4KQ6VtuHDkqmA1q2Nz7gZfHD001x7pL dv9QEQAEVU8rZxrHeL8J5N+EuI+E4hjsa0NNZGpHOmo6Ej6ciAYQIyshgsGDkn8z7nDO o4KHxkTZXBkgn+pAl/SXBIeeA+4WtiylWvaftf1syFfkZzaeB2Yk3QGX3SnRpSF49Yzr m4bQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=TwVIk3kGzRgMJvkuvdy43c5mGl+GHIfESLn3pXJd4VU=; b=hJZZT39YhRaRahlWxlSWDsyqYekuyH8TlWyU9b1w+bU1JlYusYc5d6qNY+wCzfYwbx dvmka8YSpzajkqT58Miu9mhxd3jYwAIjv21N/UumHsOYaRBW4y5R833NFXo/kzbA6Q8C QBWu5qUQTRnRUo7i5qeDK0BGj2YQxYX/lKwT3PhG+Ilrk4r32unrHUE+JrLelsWfqi5C AbzsCYRZJJb0wONxKmC/m4ueDSaTnwTzjVgqIu/yiWowQy+W37phZWdyv1YzzPRVVK7H CeI4nps7RFMgKZV6sY5Ilrd2+PRn3rMvTqvc6h7j5NsS6FAPnyEbUBnWaELs7j+aJqP4 neUg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=dts4OiWQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id c29-20020a630d1d000000b0041cef931e70si2791711pgl.724.2022.08.19.10.36.43; Fri, 19 Aug 2022 10:36:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=dts4OiWQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1352470AbiHSQVF (ORCPT + 99 others); Fri, 19 Aug 2022 12:21:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45734 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1352357AbiHSQQZ (ORCPT ); Fri, 19 Aug 2022 12:16:25 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9D4DE115999; Fri, 19 Aug 2022 08:59:43 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A555D61589; Fri, 19 Aug 2022 15:59:42 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id AB34AC433D7; Fri, 19 Aug 2022 15:59:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1660924782; bh=+05SRfg+Yn0MegTxV+fpuw7mZfh5JYP4M+ALwrxkyFk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=dts4OiWQ5Zv1JvaZyFjywvLnhEupcuVokcZQnhGd4cS8jWuX7dKkxlXUNy32MFFMe viqCJqxrygV2zvX/nIXizYoVEIchZEiTexoKWQC0PSKsxE6c2U0jn7GY3JseLA6Xgu 950GQEj6MAfjglsuxRpz+s6m471D1cu3q8/+1aMo= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jernej Skrabec , Ezequiel Garcia , Hans Verkuil , Mauro Carvalho Chehab , Sasha Levin Subject: [PATCH 5.10 251/545] media: cedrus: hevc: Add check for invalid timestamp Date: Fri, 19 Aug 2022 17:40:21 +0200 Message-Id: <20220819153840.598252726@linuxfoundation.org> X-Mailer: git-send-email 2.37.2 In-Reply-To: <20220819153829.135562864@linuxfoundation.org> References: <20220819153829.135562864@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jernej Skrabec [ Upstream commit 143201a6435bf65f0115435e9dc6d95c66b908e9 ] Not all DPB entries will be used most of the time. Unused entries will thus have invalid timestamps. They will produce negative buffer index which is not specifically handled. This works just by chance in current code. It will even produce bogus pointer, but since it's not used, it won't do any harm. Let's fix that brittle design by skipping writing DPB entry altogether if timestamp is invalid. Fixes: 86caab29da78 ("media: cedrus: Add HEVC/H.265 decoding support") Signed-off-by: Jernej Skrabec Reviewed-by: Ezequiel Garcia Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Sasha Levin --- drivers/staging/media/sunxi/cedrus/cedrus_h265.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/staging/media/sunxi/cedrus/cedrus_h265.c b/drivers/staging/media/sunxi/cedrus/cedrus_h265.c index 368439cf5e17..20c01a56f284 100644 --- a/drivers/staging/media/sunxi/cedrus/cedrus_h265.c +++ b/drivers/staging/media/sunxi/cedrus/cedrus_h265.c @@ -147,6 +147,9 @@ static void cedrus_h265_frame_info_write_dpb(struct cedrus_ctx *ctx, dpb[i].pic_order_cnt[1] }; + if (buffer_index < 0) + continue; + cedrus_h265_frame_info_write_single(ctx, i, dpb[i].field_pic, pic_order_cnt, buffer_index); -- 2.35.1