• Hans Verkuil's avatar
    [media] vb2: fix nasty vb2_thread regression · fac710e4
    Hans Verkuil authored
    The vb2_thread implementation was made generic and was moved from
    videobuf2-v4l2.c to videobuf2-core.c in commit af3bac1a. Unfortunately
    that clearly was never tested since it broke read() causing NULL address
    references.
    
    The root cause was confused handling of vb2_buffer vs v4l2_buffer (the pb
    pointer in various core functions).
    
    The v4l2_buffer no longer exists after moving the code into the core and
    it is no longer needed. However, the vb2_thread code passed a pointer to
    a vb2_buffer to the core functions were a v4l2_buffer pointer was expected
    and vb2_thread expected that the vb2_buffer fields would be filled in
    correctly.
    
    This is obviously wrong since v4l2_buffer != vb2_buffer. Note that the
    pb pointer is a void pointer, so no type-checking took place.
    
    This patch fixes this problem:
    
    1) allow pb to be NULL for vb2_core_(d)qbuf. The vb2_thread code will use
       a NULL pointer here since they don't care about v4l2_buffer anyway.
    2) let vb2_core_dqbuf pass back the index of the received buffer. This is
       all vb2_thread needs: this index is the index into the q->bufs array
       and vb2_thread just gets the vb2_buffer from there.
    3) the fileio->b pointer (that originally contained a v4l2_buffer) is
       removed altogether since it is no longer needed.
    
    Tested with vivid and the cobalt driver.
    
    Cc: stable@vger.kernel.org # Kernel >= 4.3
    Signed-off-by: default avatarHans Verkuil <hans.verkuil@cisco.com>
    Reported-by: default avatarMatthias Schwarzott <zzam@gentoo.org>
    Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@osg.samsung.com>
    fac710e4
videobuf2-v4l2.c 31.5 KB