From: Nicolas Dufresne
To: wens@kernel.org, Jernej Škrabec
Cc: mripard@kernel.org, Pengpeng Hou, paulk@sys-base.io, mchehab@kernel.org, gregkh@linuxfoundation.org, samuel@sholland.org, linux-media@vger.kernel.org, linux-staging@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-sunxi@lists.linux.dev, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] media: cedrus: skip invalid H.264 reference list entries
Date: Mon, 30 Mar 2026 11:55:26 -0400
Message-ID: <603785eb48d69bc50c0296fc696eb0985c2a3ac5.camel@collabora.com>
References: <20260324080856.56787-1-pengpeng@iscas.ac.cn> <2823210.mvXUDI8C0e@jernej-laptop>
Organization: Collabora Canada

On Sunday, 29 March 2026 at 20:44 +0800, Chen-Yu Tsai wrote:
> On Sun, Mar 29, 2026 at 5:21 PM Jernej Škrabec wrote:
> >
> > On Tuesday, 24 March 2026 at 09:08:56 Central European Summer Time, Pengpeng Hou wrote:
> > > Cedrus consumes H.264 ref_pic_list0/ref_pic_list1 entries from the
> > > stateless slice control and later uses their indices to look up
> > > decode->dpb[] in _cedrus_write_ref_list().
> > >
> > > Rejecting such controls in cedrus_try_ctrl() would break existing
> > > userspace, since stateless H.264 reference lists may legitimately carry
> > > out-of-range indices for missing references. Instead, guard the actual
> > > DPB lookup in Cedrus and skip entries whose indices do not fit the fixed
> > > V4L2_H264_NUM_DPB_ENTRIES array.
> > >
> > > This keeps the fix local to the driver use site and avoids out-of-bounds
> > > reads from malformed or unsupported reference list entries.
> > >
> > > Signed-off-by: Pengpeng Hou
> >
> > Acked-by: Jernej Skrabec
>
> Tested-by: Chen-Yu Tsai
>
> This fixes a KASAN slab-use-after-free warning when running fluster H.264
> tests.

Ah, very good, can you cite which test caused that? I didn't expect fluster to
cover cases with missing references. I think it will be handy for future
testing.

Nicolas
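
The guard described in the quoted commit message, as an added example that is not part of this thread or of the Cedrus driver source: a simplified user-space model of a reference list writer that skips entries whose index does not fit the fixed DPB array. The names `write_ref_list`, `struct ref_entry`, `struct dpb_entry`, `DPB_ACTIVE` and the one-byte output format are assumptions made for illustration; only the array size of 16 mirrors V4L2_H264_NUM_DPB_ENTRIES.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_DPB_ENTRIES 16   /* same size as V4L2_H264_NUM_DPB_ENTRIES */
#define DPB_ACTIVE      0x02 /* hypothetical "slot in use" flag for this model */

struct ref_entry { uint8_t fields, index; };   /* one reference list entry */
struct dpb_entry { uint8_t flags, position; }; /* one DPB slot */

/* Pack list[] into out[]; skip entries that do not name a usable DPB slot.
 * Returns how many entries were actually written. */
size_t write_ref_list(const struct dpb_entry *dpb, const struct ref_entry *list,
                      size_t num, uint8_t *out)
{
    size_t used = 0;

    for (size_t i = 0; i < num; i++) {
        uint8_t idx = list[i].index;

        out[i] = 0;
        if (idx >= NUM_DPB_ENTRIES)          /* guard before indexing dpb[] */
            continue;
        if (!(dpb[idx].flags & DPB_ACTIVE))  /* in range but unused slot */
            continue;
        out[i] = (uint8_t)(dpb[idx].position << 1);
        used++;
    }
    return used;
}

uint8_t sample_out[5];

/* Constructed input: two valid entries, two out-of-range, one inactive. */
size_t run_constructed_sample(void)
{
    struct dpb_entry dpb[NUM_DPB_ENTRIES] = {{0, 0}};
    const struct ref_entry list[5] = {
        {0, 0}, {0, 0xff}, {0, 5}, {0, NUM_DPB_ENTRIES}, {0, 2},
    };

    dpb[0] = (struct dpb_entry){ DPB_ACTIVE, 3 };
    dpb[5] = (struct dpb_entry){ DPB_ACTIVE, 7 };
    return write_ref_list(dpb, list, 5, sample_out);
}

int main(void)
{
    printf("entries written: %zu\n", run_constructed_sample());
    return 0;
}
```

Building the model with `-fsanitize=address` and removing the `idx >= NUM_DPB_ENTRIES` check makes the sanitizer report the out-of-bounds read on the constructed `0xff` entry.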