| From 560ccb75c2caa6b1039dec1a53cd2ef526f5bf03 Mon Sep 17 00:00:00 2001 |
| From: Hans Verkuil <hverkuil-cisco@xs4all.nl> |
| Date: Fri, 9 Nov 2018 08:37:44 -0500 |
| Subject: media: vivid: free bitmap_cap when updating std/timings/etc. |
| |
| From: Hans Verkuil <hverkuil-cisco@xs4all.nl> |
| |
| commit 560ccb75c2caa6b1039dec1a53cd2ef526f5bf03 upstream. |
| |
| When vivid_update_format_cap() is called it should free any overlay |
| bitmap since the compose size will change. |
| |
| Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl> |
| Reported-by: syzbot+0cc8e3cc63ca373722c6@syzkaller.appspotmail.com |
| Cc: <stable@vger.kernel.org> # for v3.18 and up |
| Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| drivers/media/platform/vivid/vivid-vid-cap.c | 2 ++ |
| 1 file changed, 2 insertions(+) |
| |
| --- a/drivers/media/platform/vivid/vivid-vid-cap.c |
| +++ b/drivers/media/platform/vivid/vivid-vid-cap.c |
| @@ -452,6 +452,8 @@ void vivid_update_format_cap(struct vivi |
| tpg_s_rgb_range(&dev->tpg, v4l2_ctrl_g_ctrl(dev->rgb_range_cap)); |
| break; |
| } |
| + vfree(dev->bitmap_cap); |
| + dev->bitmap_cap = NULL; |
| vivid_update_quality(dev); |
| tpg_reset_source(&dev->tpg, dev->src_rect.width, dev->src_rect.height, dev->field_cap); |
| dev->crop_cap = dev->src_rect; |
