android_kernel_xiaomi_sm8350/drivers/media
Duncan Sands 4a287cfeea V4L/DVB (3394): Bttv: correct bttv_risc_packed buffer size
This patch fixes the strange crashes I was seeing after using
bttv card, caused by a buffer overflow in bttv_risc_packed.
The instruction buffer size calculation contains two errors:
(a) a non-zero padding value can push the start of the next bpl
section to just before a page border, leading to more scanline
splits and thus additional instructions.
(b) the first DMA region can be smaller than one page, so there can
be a scanline split even if bpl*lines is smaller than PAGE_SIZE.
For example, consider the case where offset is 0, bpl is 2, padding
is 4094, lines is smaller than 2048, the first DMA region has size 1
and all others have size PAGE_SIZE, assumed to equal 4096.  Then
all bpl regions cross page borders and the number of instructions
written is 2*lines+2, rather than lines+2 (the current estimate).
With this patch the number of instructions for this example is
estimated to be 2*lines+3.
Also, the BUG_ON that was supposed to catch buffer overflows contained
a thinko causing it fire only if the buffer was overrun by a factor of
16 or more, so it fixes the the BUG_ON's (using sizeof rather than "4").

Signed-off-by: Duncan Sands <baldrick@free.fr>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
2006-02-27 00:09:48 -03:00
..
common V4L/DVB (3318b): sem2mutex: drivers/media/, #2 2006-02-07 06:49:14 -02:00
dvb V4L/DVB (3393): Cx88: reduce excessive logging 2006-02-27 00:09:45 -03:00
radio V4L/DVB (3318b): sem2mutex: drivers/media/, #2 2006-02-07 06:49:14 -02:00
video V4L/DVB (3394): Bttv: correct bttv_risc_packed buffer size 2006-02-27 00:09:48 -03:00
Kconfig
Makefile [PATCH] dvb: avoid building empty built-in.o 2005-09-09 13:57:36 -07:00