[PATCH] media: cedrus: skip invalid H.264 reference list entries

Jernej Škrabec jernej.skrabec at gmail.com
Sun Mar 29 02:21:53 PDT 2026


On Tuesday, 24 March 2026 at 09:08:56 Central European Summer Time, Pengpeng Hou wrote:
> Cedrus consumes H.264 ref_pic_list0/ref_pic_list1 entries from the
> stateless slice control and later uses their indices to look up
> decode->dpb[] in _cedrus_write_ref_list().
> 
> Rejecting such controls in cedrus_try_ctrl() would break existing
> userspace, since stateless H.264 reference lists may legitimately carry
> out-of-range indices for missing references. Instead, guard the actual
> DPB lookup in Cedrus and skip entries whose indices do not fit the fixed
> V4L2_H264_NUM_DPB_ENTRIES array.
> 
> This keeps the fix local to the driver use site and avoids out-of-bounds
> reads from malformed or unsupported reference list entries.
> 
> Signed-off-by: Pengpeng Hou <pengpeng at iscas.ac.cn>

Acked-by: Jernej Skrabec <jernej.skrabec at gmail.com>

Best regards,
Jernej
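
The guard described in the commit message above, as an added example that is not part of this thread or of the Cedrus driver: a reduced userspace model in C. The struct and function names are hypothetical; only the two array sizes are taken from the V4L2 stateless H.264 uAPI.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NUM_DPB_ENTRIES 16                    /* value of V4L2_H264_NUM_DPB_ENTRIES */
#define REF_LIST_LEN    (2 * NUM_DPB_ENTRIES) /* value of V4L2_H264_REF_LIST_LEN */

/* Hypothetical, reduced stand-ins for the driver's DPB and reference entries. */
struct dpb_slot  { int active; uint8_t position; };
struct ref_entry { uint8_t fields; uint8_t index; /* set by userspace */ };

/*
 * Fill out[] (one byte per list position) from a userspace reference list.
 * An entry whose index does not fit dpb[] is skipped, leaving out[i] zero,
 * instead of being rejected or used for the lookup. Returns entries written.
 */
size_t build_ref_list(const struct dpb_slot dpb[NUM_DPB_ENTRIES],
                      const struct ref_entry *list, size_t num_ref,
                      uint8_t out[REF_LIST_LEN])
{
    size_t i, written = 0;

    memset(out, 0, REF_LIST_LEN);
    if (num_ref > REF_LIST_LEN)      /* the list itself is a fixed array too */
        num_ref = REF_LIST_LEN;

    for (i = 0; i < num_ref; i++) {
        uint8_t idx = list[i].index;

        if (idx >= NUM_DPB_ENTRIES)  /* the guard: check before indexing dpb[] */
            continue;
        if (!dpb[idx].active)        /* in range, but no reference stored there */
            continue;
        out[i] = dpb[idx].position;
        written++;
    }
    return written;
}

/* Constructed sample: indices 0xff and 16 do not fit the 16-entry dpb[]. */
uint8_t sample_out[REF_LIST_LEN];

size_t run_sample(void)
{
    struct dpb_slot dpb[NUM_DPB_ENTRIES] = { [0] = { 1, 3 }, [15] = { 1, 7 } };
    const struct ref_entry list[] = { {0, 0}, {0, 0xff}, {0, 16}, {0, 15}, {0, 1} };

    return build_ref_list(dpb, list, sizeof(list) / sizeof(list[0]), sample_out);
}
```

Without the `idx >= NUM_DPB_ENTRIES` check, the second and third sample entries would read past the end of `dpb[]`.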





More information about the linux-arm-kernel mailing list