[PATCH] media: mtk-jpeg: fix setting plane paylod

Dafna Hirschfeld dafna.hirschfeld at collabora.com
Sat Jun 19 02:46:42 PDT 2021


In mtk_jpeg_buf_prepare, in case the format is V4L2_PIX_FMT_JPEG,
then the payload of the vb2_buffer planes can be overwritten
only if 'ctx->enable_exif' is true, in that case, the driver is
a jpeg encoder and the payload is determined by the driver.

If 'ctx->enable_exif' is not set and the format is V4L2_PIX_FMT_JPEG
then the payload might came from userspace (in case of a decoder)
and should not be overwritten by the driver.

In addition, the cb 'queue_setup' should add the MTK_JPEG_MAX_EXIF_SIZE
to the plane sizes in case the format is V4L2_PIX_FMT_JPEG
and ctx->enable_exif is set.

Signed-off-by: Dafna Hirschfeld <dafna.hirschfeld at collabora.com>
---
 .../media/platform/mtk-jpeg/mtk_jpeg_core.c   | 20 ++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c b/drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c
index 88a23bce569d..397a27888a84 100644
--- a/drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c
+++ b/drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c
@@ -651,6 +651,7 @@ static int mtk_jpeg_queue_setup(struct vb2_queue *q,
 	struct mtk_jpeg_ctx *ctx = vb2_get_drv_priv(q);
 	struct mtk_jpeg_q_data *q_data = NULL;
 	struct mtk_jpeg_dev *jpeg = ctx->jpeg;
+	unsigned int exif_extra;
 	int i;
 
 	v4l2_dbg(1, debug, &jpeg->v4l2_dev, "(%d) buf_req count=%u\n",
@@ -660,18 +661,20 @@ static int mtk_jpeg_queue_setup(struct vb2_queue *q,
 	if (!q_data)
 		return -EINVAL;
 
+	exif_extra = ctx->enable_exif && V4L2_TYPE_IS_CAPTURE(q->type) ?
+		     MTK_JPEG_MAX_EXIF_SIZE : 0;
+
 	if (*num_planes) {
 		for (i = 0; i < *num_planes; i++)
-			if (sizes[i] < q_data->pix_mp.plane_fmt[i].sizeimage)
+			if (sizes[i] < q_data->pix_mp.plane_fmt[i].sizeimage + exif_extra)
 				return -EINVAL;
 		return 0;
 	}
 
 	*num_planes = q_data->fmt->colplanes;
 	for (i = 0; i < q_data->fmt->colplanes; i++) {
-		sizes[i] =  q_data->pix_mp.plane_fmt[i].sizeimage;
-		v4l2_dbg(1, debug, &jpeg->v4l2_dev, "sizeimage[%d]=%u\n",
-			 i, sizes[i]);
+		sizes[i] =  q_data->pix_mp.plane_fmt[i].sizeimage + exif_extra;
+		v4l2_dbg(1, debug, &jpeg->v4l2_dev, "sizes[%d]=%u\n", i, sizes[i]);
 	}
 
 	return 0;
@@ -690,12 +693,11 @@ static int mtk_jpeg_buf_prepare(struct vb2_buffer *vb)
 
 	for (i = 0; i < q_data->fmt->colplanes; i++) {
 		plane_fmt = q_data->pix_mp.plane_fmt[i];
-		if (ctx->enable_exif &&
-		    q_data->fmt->fourcc == V4L2_PIX_FMT_JPEG)
-			vb2_set_plane_payload(vb, i, plane_fmt.sizeimage +
+		if (q_data->fmt->fourcc != V4L2_PIX_FMT_JPEG)
+			vb2_set_plane_payload(vb, i, plane_fmt.sizeimage);
+		else if (ctx->enable_exif)
+			vb2_set_plane_payload(vb, i,  plane_fmt.sizeimage +
 					      MTK_JPEG_MAX_EXIF_SIZE);
-		else
-			vb2_set_plane_payload(vb, i,  plane_fmt.sizeimage);
 	}
 
 	return 0;
-- 
2.17.1




More information about the Linux-mediatek mailing list