提交 67e86524 编写于 作者: G Guennadi Liakhovetski 提交者: Mauro Carvalho Chehab

[media] V4L: mx2-camera: avoid overflowing 32-bits

In mx2_camera_try_fmt(), when applying i.MX25 restrictions to frame sizes,
the height is checked to be <= 0xffff. But later an integer multiplication
height * 4 * 0x3ffff is performed, which will overflow even for bounded
height values. This patch switches to using 64-bit multiplication and
division to avoid overflowing.
Signed-off-by: NGuennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>
上级 fc13baff
......@@ -22,6 +22,7 @@
#include <linux/gcd.h>
#include <linux/interrupt.h>
#include <linux/kernel.h>
#include <linux/math64.h>
#include <linux/mm.h>
#include <linux/moduleparam.h>
#include <linux/time.h>
......@@ -1400,8 +1401,8 @@ static int mx2_camera_try_fmt(struct soc_camera_device *icd,
/* Check against the CSIRXCNT limit */
if (pix->sizeimage > 4 * 0x3ffff) {
/* Adjust geometry, preserve aspect ratio */
unsigned int new_height = int_sqrt(4 * 0x3ffff *
pix->height / pix->bytesperline);
unsigned int new_height = int_sqrt(div_u64(0x3ffffULL *
4 * pix->height, pix->bytesperline));
pix->width = new_height * pix->width / pix->height;
pix->height = new_height;
pix->bytesperline = soc_mbus_bytes_per_line(pix->width,
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册