4a287cfeea
This patch fixes the strange crashes I was seeing after using bttv card, caused by a buffer overflow in bttv_risc_packed. The instruction buffer size calculation contains two errors: (a) a non-zero padding value can push the start of the next bpl section to just before a page border, leading to more scanline splits and thus additional instructions. (b) the first DMA region can be smaller than one page, so there can be a scanline split even if bpl*lines is smaller than PAGE_SIZE. For example, consider the case where offset is 0, bpl is 2, padding is 4094, lines is smaller than 2048, the first DMA region has size 1 and all others have size PAGE_SIZE, assumed to equal 4096. Then all bpl regions cross page borders and the number of instructions written is 2*lines+2, rather than lines+2 (the current estimate). With this patch the number of instructions for this example is estimated to be 2*lines+3. Also, the BUG_ON that was supposed to catch buffer overflows contained a thinko causing it fire only if the buffer was overrun by a factor of 16 or more, so it fixes the the BUG_ON's (using sizeof rather than "4"). Signed-off-by: Duncan Sands <baldrick@free.fr> Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org> |
||
---|---|---|
.. | ||
common | ||
dvb | ||
radio | ||
video | ||
Kconfig | ||
Makefile |