3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hans Verkuil <hverkuil-ci...@xs4all.nl>

commit 560ccb75c2caa6b1039dec1a53cd2ef526f5bf03 upstream.

When vivid_update_format_cap() is called it should free any overlay
bitmap since the compose size will change.

Signed-off-by: Hans Verkuil <hverkuil-ci...@xs4all.nl>
Reported-by: syzbot+0cc8e3cc63ca37372...@syzkaller.appspotmail.com
Cc: <sta...@vger.kernel.org>      # for v3.18 and up
Signed-off-by: Mauro Carvalho Chehab <mchehab+sams...@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>

---
 drivers/media/platform/vivid/vivid-vid-cap.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/media/platform/vivid/vivid-vid-cap.c
+++ b/drivers/media/platform/vivid/vivid-vid-cap.c
@@ -454,6 +454,8 @@ void vivid_update_format_cap(struct vivi
                tpg_s_rgb_range(&dev->tpg, 
v4l2_ctrl_g_ctrl(dev->rgb_range_cap));
                break;
        }
+       vfree(dev->bitmap_cap);
+       dev->bitmap_cap = NULL;
        vivid_update_quality(dev);
        tpg_reset_source(&dev->tpg, dev->src_rect.width, dev->src_rect.height, 
dev->field_cap);
        dev->crop_cap = dev->src_rect;
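
Review bot: The added vfree(dev->bitmap_cap) in vivid_update_format_cap() has no comment, and the commit message only says the compose size will change, so a reader of the code cannot tell that the bitmap is dropped because it was sized for the old compose rectangle. A one-line comment above the vfree() saying so would help, and the commit message could state what syzbot hit with the stale bitmap. Resetting dev->bitmap_cap to NULL straight after the free is the right pairing (vfree(NULL) is a no-op, so repeated calls are safe), but nothing in this hunk shows which lock callers hold; please confirm it is the same one taken by the overlay paths that read dev->bitmap_cap.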

