From 25141bc7ac6f4fa1fe54cec748d4d5458c370a7d Mon Sep 17 00:00:00 2001
From: Philipp Zabel
Date: Thu, 7 Dec 2017 09:59:50 -0500
Subject: [PATCH] media: coda: allocate space for mpeg4 decoder mvcol buffer
The MPEG-4 decoder mvcol buffer was registered, but its size not added
to a frame buffer allocation. This could cause the decoder to write past
the end of the allocated buffer for large frame sizes.
Signed-off-by: Philipp Zabel
Signed-off-by: Hans Verkuil
Signed-off-by: Mauro Carvalho Chehab
---
drivers/media/platform/coda/coda-bit.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/coda/coda-bit.c b/drivers/media/platform/coda/coda-bit.c
index 87002bede5ea..32db1227d025 100644
--- a/drivers/media/platform/coda/coda-bit.c
+++ b/drivers/media/platform/coda/coda-bit.c
@@ -414,8 +414,10 @@ static int coda_alloc_framebuffers(struct coda_ctx *ctx,
size = round_up(ysize, 4096) + ysize / 2;
else
size = ysize + ysize / 2;
- if (ctx->codec->src_fourcc == V4L2_PIX_FMT_H264 &&
- dev->devtype->product != CODA_DX6)
+ /* Add space for mvcol buffers */
+ if (dev->devtype->product != CODA_DX6 &&
+ (ctx->codec->src_fourcc == V4L2_PIX_FMT_H264 ||
+ (ctx->codec->src_fourcc == V4L2_PIX_FMT_MPEG4 && i == 0)))
size += ysize / 4;
name = kasprintf(GFP_KERNEL, "fb%d", i);
if (!name) {