diff options
author | Trent Piepho <xyzzy@speakeasy.org> | 2009-04-30 20:03:34 -0400 |
---|---|---|
committer | Mauro Carvalho Chehab <mchehab@redhat.com> | 2009-05-09 17:51:48 -0400 |
commit | 7ecc0cf937e97b6116db09cd13c32467b34c164a (patch) | |
tree | 9ab0e428f3e230d98169aee3eb3b9bd49d621c97 /drivers/media | |
parent | 1175d6131f7a89c163227169325ca77a22b18cb2 (diff) |
V4L/DVB (11662): v4l2-ioctl: Clear buffer type specific trailing fields/padding
Some ioctls have structs that are a different size depending on what type
of buffer is being used. If the buffer type leaves a field unused or has
padding space at the end, this space should be zeroed out.
The problems with S_FMT and REQBUFS were original identified and patched by
Marton Nemeth <nm127@freemail.hu>.
Signed-off-by: Trent Piepho <xyzzy@speakeasy.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Diffstat (limited to 'drivers/media')
-rw-r--r-- | drivers/media/video/v4l2-ioctl.c | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/drivers/media/video/v4l2-ioctl.c b/drivers/media/video/v4l2-ioctl.c index feb42073302..be64a502ea2 100644 --- a/drivers/media/video/v4l2-ioctl.c +++ b/drivers/media/video/v4l2-ioctl.c | |||
@@ -42,6 +42,12 @@ | |||
42 | printk(KERN_DEBUG "%s: " fmt, vfd->name, ## arg);\ | 42 | printk(KERN_DEBUG "%s: " fmt, vfd->name, ## arg);\ |
43 | } while (0) | 43 | } while (0) |
44 | 44 | ||
45 | /* Zero out the end of the struct pointed to by p. Everthing after, but | ||
46 | * not including, the specified field is cleared. */ | ||
47 | #define CLEAR_AFTER_FIELD(p, field) \ | ||
48 | memset((u8 *)(p) + offsetof(typeof(*(p)), field) + sizeof((p)->field), \ | ||
49 | 0, sizeof(*(p)) - offsetof(typeof(*(p)), field) - sizeof((p)->field)) | ||
50 | |||
45 | struct std_descr { | 51 | struct std_descr { |
46 | v4l2_std_id std; | 52 | v4l2_std_id std; |
47 | const char *descr; | 53 | const char *descr; |
@@ -782,44 +788,53 @@ static long __video_do_ioctl(struct file *file, | |||
782 | 788 | ||
783 | switch (f->type) { | 789 | switch (f->type) { |
784 | case V4L2_BUF_TYPE_VIDEO_CAPTURE: | 790 | case V4L2_BUF_TYPE_VIDEO_CAPTURE: |
791 | CLEAR_AFTER_FIELD(f, fmt.pix); | ||
785 | v4l_print_pix_fmt(vfd, &f->fmt.pix); | 792 | v4l_print_pix_fmt(vfd, &f->fmt.pix); |
786 | if (ops->vidioc_s_fmt_vid_cap) | 793 | if (ops->vidioc_s_fmt_vid_cap) |
787 | ret = ops->vidioc_s_fmt_vid_cap(file, fh, f); | 794 | ret = ops->vidioc_s_fmt_vid_cap(file, fh, f); |
788 | break; | 795 | break; |
789 | case V4L2_BUF_TYPE_VIDEO_OVERLAY: | 796 | case V4L2_BUF_TYPE_VIDEO_OVERLAY: |
797 | CLEAR_AFTER_FIELD(f, fmt.win); | ||
790 | if (ops->vidioc_s_fmt_vid_overlay) | 798 | if (ops->vidioc_s_fmt_vid_overlay) |
791 | ret = ops->vidioc_s_fmt_vid_overlay(file, | 799 | ret = ops->vidioc_s_fmt_vid_overlay(file, |
792 | fh, f); | 800 | fh, f); |
793 | break; | 801 | break; |
794 | case V4L2_BUF_TYPE_VIDEO_OUTPUT: | 802 | case V4L2_BUF_TYPE_VIDEO_OUTPUT: |
803 | CLEAR_AFTER_FIELD(f, fmt.pix); | ||
795 | v4l_print_pix_fmt(vfd, &f->fmt.pix); | 804 | v4l_print_pix_fmt(vfd, &f->fmt.pix); |
796 | if (ops->vidioc_s_fmt_vid_out) | 805 | if (ops->vidioc_s_fmt_vid_out) |
797 | ret = ops->vidioc_s_fmt_vid_out(file, fh, f); | 806 | ret = ops->vidioc_s_fmt_vid_out(file, fh, f); |
798 | break; | 807 | break; |
799 | case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY: | 808 | case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY: |
809 | CLEAR_AFTER_FIELD(f, fmt.win); | ||
800 | if (ops->vidioc_s_fmt_vid_out_overlay) | 810 | if (ops->vidioc_s_fmt_vid_out_overlay) |
801 | ret = ops->vidioc_s_fmt_vid_out_overlay(file, | 811 | ret = ops->vidioc_s_fmt_vid_out_overlay(file, |
802 | fh, f); | 812 | fh, f); |
803 | break; | 813 | break; |
804 | case V4L2_BUF_TYPE_VBI_CAPTURE: | 814 | case V4L2_BUF_TYPE_VBI_CAPTURE: |
815 | CLEAR_AFTER_FIELD(f, fmt.vbi); | ||
805 | if (ops->vidioc_s_fmt_vbi_cap) | 816 | if (ops->vidioc_s_fmt_vbi_cap) |
806 | ret = ops->vidioc_s_fmt_vbi_cap(file, fh, f); | 817 | ret = ops->vidioc_s_fmt_vbi_cap(file, fh, f); |
807 | break; | 818 | break; |
808 | case V4L2_BUF_TYPE_VBI_OUTPUT: | 819 | case V4L2_BUF_TYPE_VBI_OUTPUT: |
820 | CLEAR_AFTER_FIELD(f, fmt.vbi); | ||
809 | if (ops->vidioc_s_fmt_vbi_out) | 821 | if (ops->vidioc_s_fmt_vbi_out) |
810 | ret = ops->vidioc_s_fmt_vbi_out(file, fh, f); | 822 | ret = ops->vidioc_s_fmt_vbi_out(file, fh, f); |
811 | break; | 823 | break; |
812 | case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE: | 824 | case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE: |
825 | CLEAR_AFTER_FIELD(f, fmt.sliced); | ||
813 | if (ops->vidioc_s_fmt_sliced_vbi_cap) | 826 | if (ops->vidioc_s_fmt_sliced_vbi_cap) |
814 | ret = ops->vidioc_s_fmt_sliced_vbi_cap(file, | 827 | ret = ops->vidioc_s_fmt_sliced_vbi_cap(file, |
815 | fh, f); | 828 | fh, f); |
816 | break; | 829 | break; |
817 | case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT: | 830 | case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT: |
831 | CLEAR_AFTER_FIELD(f, fmt.sliced); | ||
818 | if (ops->vidioc_s_fmt_sliced_vbi_out) | 832 | if (ops->vidioc_s_fmt_sliced_vbi_out) |
819 | ret = ops->vidioc_s_fmt_sliced_vbi_out(file, | 833 | ret = ops->vidioc_s_fmt_sliced_vbi_out(file, |
820 | fh, f); | 834 | fh, f); |
821 | break; | 835 | break; |
822 | case V4L2_BUF_TYPE_PRIVATE: | 836 | case V4L2_BUF_TYPE_PRIVATE: |
837 | /* CLEAR_AFTER_FIELD(f, fmt.raw_data); <- does nothing */ | ||
823 | if (ops->vidioc_s_fmt_type_private) | 838 | if (ops->vidioc_s_fmt_type_private) |
824 | ret = ops->vidioc_s_fmt_type_private(file, | 839 | ret = ops->vidioc_s_fmt_type_private(file, |
825 | fh, f); | 840 | fh, f); |
@@ -836,46 +851,55 @@ static long __video_do_ioctl(struct file *file, | |||
836 | v4l2_type_names)); | 851 | v4l2_type_names)); |
837 | switch (f->type) { | 852 | switch (f->type) { |
838 | case V4L2_BUF_TYPE_VIDEO_CAPTURE: | 853 | case V4L2_BUF_TYPE_VIDEO_CAPTURE: |
854 | CLEAR_AFTER_FIELD(f, fmt.pix); | ||
839 | if (ops->vidioc_try_fmt_vid_cap) | 855 | if (ops->vidioc_try_fmt_vid_cap) |
840 | ret = ops->vidioc_try_fmt_vid_cap(file, fh, f); | 856 | ret = ops->vidioc_try_fmt_vid_cap(file, fh, f); |
841 | if (!ret) | 857 | if (!ret) |
842 | v4l_print_pix_fmt(vfd, &f->fmt.pix); | 858 | v4l_print_pix_fmt(vfd, &f->fmt.pix); |
843 | break; | 859 | break; |
844 | case V4L2_BUF_TYPE_VIDEO_OVERLAY: | 860 | case V4L2_BUF_TYPE_VIDEO_OVERLAY: |
861 | CLEAR_AFTER_FIELD(f, fmt.win); | ||
845 | if (ops->vidioc_try_fmt_vid_overlay) | 862 | if (ops->vidioc_try_fmt_vid_overlay) |
846 | ret = ops->vidioc_try_fmt_vid_overlay(file, | 863 | ret = ops->vidioc_try_fmt_vid_overlay(file, |
847 | fh, f); | 864 | fh, f); |
848 | break; | 865 | break; |
849 | case V4L2_BUF_TYPE_VIDEO_OUTPUT: | 866 | case V4L2_BUF_TYPE_VIDEO_OUTPUT: |
867 | CLEAR_AFTER_FIELD(f, fmt.pix); | ||
850 | if (ops->vidioc_try_fmt_vid_out) | 868 | if (ops->vidioc_try_fmt_vid_out) |
851 | ret = ops->vidioc_try_fmt_vid_out(file, fh, f); | 869 | ret = ops->vidioc_try_fmt_vid_out(file, fh, f); |
852 | if (!ret) | 870 | if (!ret) |
853 | v4l_print_pix_fmt(vfd, &f->fmt.pix); | 871 | v4l_print_pix_fmt(vfd, &f->fmt.pix); |
854 | break; | 872 | break; |
855 | case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY: | 873 | case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY: |
874 | CLEAR_AFTER_FIELD(f, fmt.win); | ||
856 | if (ops->vidioc_try_fmt_vid_out_overlay) | 875 | if (ops->vidioc_try_fmt_vid_out_overlay) |
857 | ret = ops->vidioc_try_fmt_vid_out_overlay(file, | 876 | ret = ops->vidioc_try_fmt_vid_out_overlay(file, |
858 | fh, f); | 877 | fh, f); |
859 | break; | 878 | break; |
860 | case V4L2_BUF_TYPE_VBI_CAPTURE: | 879 | case V4L2_BUF_TYPE_VBI_CAPTURE: |
880 | CLEAR_AFTER_FIELD(f, fmt.vbi); | ||
861 | if (ops->vidioc_try_fmt_vbi_cap) | 881 | if (ops->vidioc_try_fmt_vbi_cap) |
862 | ret = ops->vidioc_try_fmt_vbi_cap(file, fh, f); | 882 | ret = ops->vidioc_try_fmt_vbi_cap(file, fh, f); |
863 | break; | 883 | break; |
864 | case V4L2_BUF_TYPE_VBI_OUTPUT: | 884 | case V4L2_BUF_TYPE_VBI_OUTPUT: |
885 | CLEAR_AFTER_FIELD(f, fmt.vbi); | ||
865 | if (ops->vidioc_try_fmt_vbi_out) | 886 | if (ops->vidioc_try_fmt_vbi_out) |
866 | ret = ops->vidioc_try_fmt_vbi_out(file, fh, f); | 887 | ret = ops->vidioc_try_fmt_vbi_out(file, fh, f); |
867 | break; | 888 | break; |
868 | case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE: | 889 | case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE: |
890 | CLEAR_AFTER_FIELD(f, fmt.sliced); | ||
869 | if (ops->vidioc_try_fmt_sliced_vbi_cap) | 891 | if (ops->vidioc_try_fmt_sliced_vbi_cap) |
870 | ret = ops->vidioc_try_fmt_sliced_vbi_cap(file, | 892 | ret = ops->vidioc_try_fmt_sliced_vbi_cap(file, |
871 | fh, f); | 893 | fh, f); |
872 | break; | 894 | break; |
873 | case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT: | 895 | case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT: |
896 | CLEAR_AFTER_FIELD(f, fmt.sliced); | ||
874 | if (ops->vidioc_try_fmt_sliced_vbi_out) | 897 | if (ops->vidioc_try_fmt_sliced_vbi_out) |
875 | ret = ops->vidioc_try_fmt_sliced_vbi_out(file, | 898 | ret = ops->vidioc_try_fmt_sliced_vbi_out(file, |
876 | fh, f); | 899 | fh, f); |
877 | break; | 900 | break; |
878 | case V4L2_BUF_TYPE_PRIVATE: | 901 | case V4L2_BUF_TYPE_PRIVATE: |
902 | /* CLEAR_AFTER_FIELD(f, fmt.raw_data); <- does nothing */ | ||
879 | if (ops->vidioc_try_fmt_type_private) | 903 | if (ops->vidioc_try_fmt_type_private) |
880 | ret = ops->vidioc_try_fmt_type_private(file, | 904 | ret = ops->vidioc_try_fmt_type_private(file, |
881 | fh, f); | 905 | fh, f); |
@@ -898,6 +922,9 @@ static long __video_do_ioctl(struct file *file, | |||
898 | if (ret) | 922 | if (ret) |
899 | break; | 923 | break; |
900 | 924 | ||
925 | if (p->type < V4L2_BUF_TYPE_PRIVATE) | ||
926 | CLEAR_AFTER_FIELD(p, memory); | ||
927 | |||
901 | ret = ops->vidioc_reqbufs(file, fh, p); | 928 | ret = ops->vidioc_reqbufs(file, fh, p); |
902 | dbgarg(cmd, "count=%d, type=%s, memory=%s\n", | 929 | dbgarg(cmd, "count=%d, type=%s, memory=%s\n", |
903 | p->count, | 930 | p->count, |