[PATCH 5.11 320/601] media: rkisp1: rsz: crash fix when setting src format

From: Greg Kroah-Hartman
Date: Wed May 12 2021 - 13:29:32 EST


From: Dafna Hirschfeld <dafna.hirschfeld@xxxxxxxxxxxxx>

[ Upstream commit cbe8373ca7e7cbb4b263b6bf222ccc19f5e119d2 ]

When setting the source media bus code in the resizer,
we first check that the current media bus code in the
source is a YUV encoded format. This is done by
retrieving the data from the formats list of the isp
entity. This causes a crash when the media bus code on the
source is YUYV8_1_5X8 which is not supported by the isp
entity. Instead we should test the sink format of the resizer
which is guaranteed to be supported by the isp entity.

Fixes: 251b6eebb6c49 ("media: staging: rkisp1: rsz: Add support to more YUV encoded mbus codes on src pad")
Signed-off-by: Dafna Hirschfeld <dafna.hirschfeld@xxxxxxxxxxxxx>
Acked-by: Helen Koike <helen.koike@xxxxxxxxxxxxx>
Tested-by: Sebastian Fricke <sebastian.fricke.linux@xxxxxxxxx>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xxxxxxxxx>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/media/platform/rockchip/rkisp1/rkisp1-resizer.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/drivers/media/platform/rockchip/rkisp1/rkisp1-resizer.c b/drivers/media/platform/rockchip/rkisp1/rkisp1-resizer.c
index 813670ed9577..79deed8adcea 100644
--- a/drivers/media/platform/rockchip/rkisp1/rkisp1-resizer.c
+++ b/drivers/media/platform/rockchip/rkisp1/rkisp1-resizer.c
@@ -520,14 +520,15 @@ static void rkisp1_rsz_set_src_fmt(struct rkisp1_resizer *rsz,
struct v4l2_mbus_framefmt *format,
unsigned int which)
{
- const struct rkisp1_isp_mbus_info *mbus_info;
- struct v4l2_mbus_framefmt *src_fmt;
+ const struct rkisp1_isp_mbus_info *sink_mbus_info;
+ struct v4l2_mbus_framefmt *src_fmt, *sink_fmt;

+ sink_fmt = rkisp1_rsz_get_pad_fmt(rsz, cfg, RKISP1_RSZ_PAD_SINK, which);
src_fmt = rkisp1_rsz_get_pad_fmt(rsz, cfg, RKISP1_RSZ_PAD_SRC, which);
- mbus_info = rkisp1_isp_mbus_info_get(src_fmt->code);
+ sink_mbus_info = rkisp1_isp_mbus_info_get(sink_fmt->code);

/* for YUV formats, userspace can change the mbus code on the src pad if it is supported */
- if (mbus_info->pixel_enc == V4L2_PIXEL_ENC_YUV &&
+ if (sink_mbus_info->pixel_enc == V4L2_PIXEL_ENC_YUV &&
rkisp1_rsz_get_yuv_mbus_info(format->code))
src_fmt->code = format->code;

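Review bot: the result of `rkisp1_isp_mbus_info_get(sink_fmt->code)` is still dereferenced unchecked at `sink_mbus_info->pixel_enc`, which is the same pattern that crashed when the lookup was done on `src_fmt->code`. The fix depends entirely on the invariant stated in the commit message, that the resizer's sink code is always one the isp entity supports, and nothing in this function records or enforces it. Consider a short comment above the lookup stating that invariant, or a guard such as `if (sink_mbus_info && sink_mbus_info->pixel_enc == V4L2_PIXEL_ENC_YUV && ...)`, so that a later change to how the sink pad format is validated cannot silently bring the crash back on a path reachable from a userspace format-setting call.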
--
2.30.2