Commit 429e9089 authored by Hans Verkuil's avatar Hans Verkuil Committed by Mauro Carvalho Chehab

V4L/DVB (8546): saa7146: fix read from uninitialized memory

The offset field of the scatterlist entry *after* the last valid scatterlist
entry was used instead of the first scatterlist entry (as was the intention
of this code).

This worked fine until the kzalloc of the sglist was replaced with kmalloc
and sg_init_table only zeroed the exact needed length. Apparently kzalloc
zeroes a bit more than is strictly necessary so the offset field was
always 0 in the past.

But now the offset field was suddenly random and this led to broken captures.
Signed-off-by: default avatarHans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@infradead.org>
parent ee56a4d3
...@@ -656,7 +656,7 @@ static int saa7146_pgtable_build(struct saa7146_dev *dev, struct saa7146_buf *bu ...@@ -656,7 +656,7 @@ static int saa7146_pgtable_build(struct saa7146_dev *dev, struct saa7146_buf *bu
/* if we have a user buffer, the first page may not be /* if we have a user buffer, the first page may not be
aligned to a page boundary. */ aligned to a page boundary. */
pt1->offset = list->offset; pt1->offset = dma->sglist->offset;
pt2->offset = pt1->offset+o1; pt2->offset = pt1->offset+o1;
pt3->offset = pt1->offset+o2; pt3->offset = pt1->offset+o2;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment