From 560ccb75c2caa6b1039dec1a53cd2ef526f5bf03 Mon Sep 17 00:00:00 2001
From: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Date: Fri, 9 Nov 2018 08:37:44 -0500
Subject: [PATCH] media: vivid: free bitmap_cap when updating std/timings/etc.
Git-commit: 560ccb75c2caa6b1039dec1a53cd2ef526f5bf03
Patch-mainline: v5.0-rc1
References: bsc#1051510
When vivid_update_format_cap() is called it should free any overlay
bitmap since the compose size will change.
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Reported-by: syzbot+0cc8e3cc63ca373722c6@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org> # for v3.18 and up
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Acked-by: Takashi Iwai <tiwai@suse.de>
---
drivers/media/platform/vivid/vivid-vid-cap.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/media/platform/vivid/vivid-vid-cap.c b/drivers/media/platform/vivid/vivid-vid-cap.c
index 8213297ee9dc..a1ed5fdabc75 100644
--- a/drivers/media/platform/vivid/vivid-vid-cap.c
+++ b/drivers/media/platform/vivid/vivid-vid-cap.c
@@ -451,6 +451,8 @@ void vivid_update_format_cap(struct vivid_dev *dev, bool keep_controls)
tpg_s_rgb_range(&dev->tpg, v4l2_ctrl_g_ctrl(dev->rgb_range_cap));
break;
}
+ vfree(dev->bitmap_cap);
+ dev->bitmap_cap = NULL;
vivid_update_quality(dev);
tpg_reset_source(&dev->tpg, dev->src_rect.width, dev->src_rect.height, dev->field_cap);
dev->crop_cap = dev->src_rect;
--
2.16.4