Re: [PATCH 1/2] [media] vb2: Fix an off by one error in 'vb2_plane_vaddr'
From: Christophe JAILLET
Date: Mon Apr 24 2017 - 16:00:37 EST
Le 24/04/2017 à 16:16, Sakari Ailus a écrit :
On Sun, Apr 23, 2017 at 11:32:57PM +0200, Christophe JAILLET wrote:
We should ensure that 'plane_no' is '< vb->num_planes' as done in
'vb2_plane_cookie' just a few lines below.
Signed-off-by: Christophe JAILLET <christophe.jaillet@xxxxxxxxxx>
---
drivers/media/v4l2-core/videobuf2-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/v4l2-core/videobuf2-core.c b/drivers/media/v4l2-core/videobuf2-core.c
index 94afbbf92807..c0175ea7e7ad 100644
--- a/drivers/media/v4l2-core/videobuf2-core.c
+++ b/drivers/media/v4l2-core/videobuf2-core.c
@@ -868,7 +868,7 @@ EXPORT_SYMBOL_GPL(vb2_core_create_bufs);
void *vb2_plane_vaddr(struct vb2_buffer *vb, unsigned int plane_no)
{
- if (plane_no > vb->num_planes || !vb->planes[plane_no].mem_priv)
+ if (plane_no >= vb->num_planes || !vb->planes[plane_no].mem_priv)
return NULL;
return call_ptr_memop(vb, vaddr, vb->planes[plane_no].mem_priv);
Oh my. How could this happen?
This should go to stable as well.
Should I resubmit with "Cc: stable@xxxxxxxxxxxxxxx" or will you add it
yourself?
CJ
Reviewed-by: Sakari Ailus <sakari.ailus@xxxxxxxxxxxxxxx>