| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 Feb 2008 16:38:11 +0000
From: Robert Fitzsimons <robfitz@...k.net>
To: Mauro Carvalho Chehab <mchehab@...radead.org>
Cc: video4linux-list@...hat.com, linux-kernel@...r.kernel.org
Subject: [PATCH] bttv: Fix overlay divide error.
The initial work to convert the bttv driver to V4L2 "Partial conversion
from V4L1 to V4L2" (e84619b17440ccca4e4db7583d126c4189b987e5), missed
the line which set the appropriate overlay crop structure in the newly
allocated bttv_buffer. This then causes a divide error in the
bttv_calc_geo function.
Signed-off-by: Robert Fitzsimons <robfitz@...k.net>
---
drivers/media/video/bt8xx/bttv-driver.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
Hi Mauro
This patch against Linus's git tree fixes an overlay regression in the
bttv driver in 2.6.25-rc1.
Robert
divide error: 0000 [#1]
Modules linked in: usbhid hid ipt_MASQUERADE iptable_nat nf_nat ipt_LOG xt_limit xt_tcpudp nf_conntrack_ipv4 xt_state nf_conntrack iptable_filter ip_tables x_tables pppoe pppox ppp_generic slhc ipv6 tuner tea5767 tda8290 tda18271 tda827x tuner_xc2028 xc5000 tda9887 tuner_simple mt20xx tea5761 tvaudio msp3400 bttv videodev v4l1_compat ir_common compat_ioctl32 i2c_algo_bit v4l2_common videobuf_dma_sg videobuf_core btcx_risc tveeprom pcspkr i2c_core snd_bt87x ehci_hcd uhci_hcd sg usbcore sr_mod
Pid: 8691, comm: xawtv.bin Not tainted (2.6.25-rc1-00051-g96b5a46 #9)
EIP: 0060:[<e0addeb5>] EFLAGS: 00210246 CPU: 0
EIP is at bttv_calc_geo+0x1a5/0x287 [bttv]
EAX: 00000000 EBX: 00000180 ECX: 00000000 EDX: 00000000
ESI: 00000000 EDI: cbcc12a0 EBP: b8239dd8 ESP: b8239d98
DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Process xawtv.bin (pid: 8691, ti=b8239000 task=b71c5000 task.ti=b8239000)
Stack: 00000000 cbcc107c 00000000 e0af708c 81979820 0000002a 00200297 b8239de0
00000000 00000004 000000d0 00000054 803c028c 9a6ee4d8 00000000 e0ae3b90
b8239e04 e0ade946 00000120 00000000 e0ae3708 cbcc12d4 e0af708c 00000000
Call Trace:
[<e0ade946>] ? bttv_overlay_risc+0x98/0x12d [bttv]
[<e0adb60b>] ? bttv_overlay+0xa6/0xcd [bttv]
[<e09914af>] ? __video_do_ioctl+0x1076/0x2b48 [videodev]
[<80143e1d>] ? slob_page_alloc+0x144/0x19e
[<e099320e>] ? video_ioctl2+0x19f/0x24b [videodev]
[<80120a3a>] ? autoremove_wake_function+0x0/0x30
[<801230b4>] ? ktime_get+0x13/0x2f
[<802bc933>] ? unix_ioctl+0x83/0x8c
[<8027c46a>] ? sock_ioctl+0x1aa/0x1cb
[<e099306f>] ? video_ioctl2+0x0/0x24b [videodev]
[<8014eaa4>] ? vfs_ioctl+0x3c/0x4f
[<8014ecae>] ? do_vfs_ioctl+0x1f7/0x205
[<8019dae6>] ? copy_to_user+0x2a/0x34
[<8014ece8>] ? sys_ioctl+0x2c/0x48
[<801029b2>] ? syscall_call+0x7/0xb
=======================
Code: 5f 04 0f 46 45 e0 d1 ea 89 45 e0 89 c8 c1 e0 0c 01 d0 31 d2 f7 f3 8b 55 14 66 2d 00 10 66 89 47 06 89 d8 0f af 02 31 d2 8d 04 01 <f7> f1 8b 4d e0 8b 55 10 66 89 4f 0a 83 e0 fe 66 89 45 ca 66 89
EIP: [<e0addeb5>] bttv_calc_geo+0x1a5/0x287 [bttv] SS:ESP 0068:b8239d98
---[ end trace 588d2506a3db8987 ]---
diff --git a/drivers/media/video/bt8xx/bttv-driver.c b/drivers/media/video/bt8xx/bttv-driver.c
index 907dc62..c152b81 100644
--- a/drivers/media/video/bt8xx/bttv-driver.c
+++ b/drivers/media/video/bt8xx/bttv-driver.c
@@ -2760,6 +2760,7 @@ static int bttv_overlay(struct file *file, void *f, unsigned int on)
if (on) {
fh->ov.tvnorm = btv->tvnorm;
new = videobuf_pci_alloc(sizeof(*new));
+ new->crop = btv->crop[!!fh->do_crop].rect;
bttv_overlay_risc(btv, &fh->ov, fh->ovfmt, new);
} else {
new = NULL;
--
1.5.4.34.g053d9
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists