From patchwork Fri Nov 9 13:37:44 2018
X-Patchwork-Submitter: Hans Verkuil
X-Patchwork-Id: 10675909
To: Linux Media Mailing List
From: Hans Verkuil
Subject: [PATCH] vivid: free bitmap_cap when updating std/timings/etc.
Message-ID: <87284cfc-feea-41fe-cbbd-879a14ae8a6b@xs4all.nl>
Date: Fri, 9 Nov 2018 14:37:44 +0100
Sender: linux-media-owner@vger.kernel.org
X-Mailing-List: linux-media@vger.kernel.org

When vivid_update_format_cap() is called it should free any overlay bitmap since the compose size will change.

Signed-off-by: Hans Verkuil
Reported-by: syzbot+0cc8e3cc63ca373722c6@syzkaller.appspotmail.com
--- drivers/media/platform/vivid/vivid-vid-cap.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/media/platform/vivid/vivid-vid-cap.c b/drivers/media/platform/vivid/vivid-vid-cap.c index 9c8e8be81ce3..46d4e53ce763 100644 --- a/drivers/media/platform/vivid/vivid-vid-cap.c +++ b/drivers/media/platform/vivid/vivid-vid-cap.c @@ -451,6 +451,8 @@ void vivid_update_format_cap(struct vivid_dev *dev, bool keep_controls) tpg_s_rgb_range(&dev->tpg, v4l2_ctrl_g_ctrl(dev->rgb_range_cap)); break; } + vfree(dev->bitmap_cap); + dev->bitmap_cap = NULL; vivid_update_quality(dev); tpg_reset_source(&dev->tpg, dev->src_rect.width, dev->src_rect.height, dev->field_cap); dev->crop_cap = dev->src_rect;
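
Review bot: The new `vfree(dev->bitmap_cap);` placed just before `vivid_update_quality(dev);` has no serialization visible in this hunk, so please confirm that every caller of vivid_update_format_cap() holds the lock that readers of dev->bitmap_cap take. If a reader can run between the free and the `dev->bitmap_cap = NULL;` store, or has already loaded the old pointer, the fix trades a stale-size bitmap for a use-after-free. Stating the locking assumption in the commit message, or asserting it at the top of the function, would make this checkable. Separately, the commit message says the bitmap "should" be freed because the compose size changes, but not what goes wrong when it is kept. Since this comes from a syzbot report, a sentence naming the observed failure and a Fixes: tag would help backporters judge severity. A one-line comment above the two added lines saying the bitmap was sized for the previous compose rectangle would also keep a later cleanup from dropping them.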