From: Dave Stevenson <dave.steven...@raspberrypi.org>
Fixes a v4l2-compliance failure when passed a buffer that is
too small.
queue_setup wasn't handling the case where !(*nplanes), as
used from CREATE_BUFS and requiring the driver to sanity
check the provided buffer parameters. It was assuming that
it was always being used in the REQBUFS case where it provides
the buffer properties.
Signed-off-by: Dave Stevenson <dave.steven...@raspberrypi.org>
---
.../vc04_services/bcm2835-camera/bcm2835-camera.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c
b/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c
index 256667b..705644c 100644
--- a/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c
+++ b/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c
@@ -236,6 +236,22 @@ static int queue_setup(struct vb2_queue *vq,
return -EINVAL;
}
+ /* Handle CREATE_BUFS situation - *nplanes != 0 */
+ if (*nplanes) {
+ if (*nplanes != 1 ||
+ sizes[0] < dev->capture.port->current_buffer.size) {
+ v4l2_dbg(1, bcm2835_v4l2_debug, &dev->v4l2_dev,
+ "%s: dev:%p Invalid buffer request from
CREATE_BUFS, size %u < %u, nplanes %u != 1\n",
+ __func__, dev, sizes[0],
+ dev->capture.port->current_buffer.size,
+ *nplanes);
+ return -EINVAL;
+ } else {
+ return 0;
+ }
+ }
+
+ /* Handle REQBUFS situation */
size = dev->capture.port->current_buffer.size;
if (size == 0) {
v4l2_err(&dev->v4l2_dev,
--
2.7.4
