[PATCH] v4l2: fill the unused fields with zeros in case of VIDIOC_S_FMT

[PATCH] v4l2: fill the unused fields with zeros in case of VIDIOC_S_FMT

[Németh Márton]

The VIDIOC_S_FMT is a write-read ioctl: it sets the format and returns
the current format in case of success. The parameter of VIDIOC_S_FMT
ioctl is a pointer to struct v4l2_format. [1] This structure contains some
fields which are not used depending on the .type value. These unused
fields are filled with zeros with this patch.

The patch was tested with v4l-test 0.12 [2] with vivi and with
gspca_sunplus driver together with Trust 610 LCD POWERC@M ZOOM.

References:
[1] V4L2 API specification, revision 0.24
    http://v4l2spec.bytesex.org/spec/r10944.htm

[2] v4l-test: Test environment for Video For Linux Two API
    http://v4l-test.sourceforge.net/

Signed-off-by: Márton Németh <nm127@freemail.hu>
---
--- linux-2.6.30-rc3/drivers/media/video/v4l2-ioctl.c.orig	2009-04-22 05:07:00.000000000 +0200
+++ linux-2.6.30-rc3/drivers/media/video/v4l2-ioctl.c	2009-04-25 09:05:42.000000000 +0200
@@ -777,44 +777,61 @@
 	{
 		struct v4l2_format *f = (struct v4l2_format *)arg;

+#define CLEAR_UNUSED_FIELDS(data, last_member) \
+	memset(((u8 *)f)+ \
+		offsetof(struct v4l2_format, fmt)+ \
+		sizeof(struct v4l2_ ## last_member), \
+		0, \
+		sizeof(*f)- \
+		offsetof(struct v4l2_format, fmt)+ \
+		sizeof(struct v4l2_ ## last_member))
+
 		/* FIXME: Should be one dump per type */
 		dbgarg(cmd, "type=%s\n", prt_names(f->type, v4l2_type_names));

 		switch (f->type) {
 		case V4L2_BUF_TYPE_VIDEO_CAPTURE:
+			CLEAR_UNUSED_FIELDS(f, pix_format);
 			v4l_print_pix_fmt(vfd, &f->fmt.pix);
 			if (ops->vidioc_s_fmt_vid_cap)
 				ret = ops->vidioc_s_fmt_vid_cap(file, fh, f);
 			break;
 		case V4L2_BUF_TYPE_VIDEO_OVERLAY:
+			CLEAR_UNUSED_FIELDS(f, window);
 			if (ops->vidioc_s_fmt_vid_overlay)
 				ret = ops->vidioc_s_fmt_vid_overlay(file,
 								    fh, f);
 			break;
 		case V4L2_BUF_TYPE_VIDEO_OUTPUT:
+			CLEAR_UNUSED_FIELDS(f, pix_format);
 			v4l_print_pix_fmt(vfd, &f->fmt.pix);
 			if (ops->vidioc_s_fmt_vid_out)
 				ret = ops->vidioc_s_fmt_vid_out(file, fh, f);
 			break;
 		case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY:
+			CLEAR_UNUSED_FIELDS(f, window);
 			if (ops->vidioc_s_fmt_vid_out_overlay)
 				ret = ops->vidioc_s_fmt_vid_out_overlay(file,
 					fh, f);
 			break;
 		case V4L2_BUF_TYPE_VBI_CAPTURE:
+			CLEAR_UNUSED_FIELDS(f, vbi_format);
 			if (ops->vidioc_s_fmt_vbi_cap)
 				ret = ops->vidioc_s_fmt_vbi_cap(file, fh, f);
 			break;
 		case V4L2_BUF_TYPE_VBI_OUTPUT:
+			CLEAR_UNUSED_FIELDS(f, vbi_format);
 			if (ops->vidioc_s_fmt_vbi_out)
 				ret = ops->vidioc_s_fmt_vbi_out(file, fh, f);
 			break;
 		case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE:
+			CLEAR_UNUSED_FIELDS(f, sliced_vbi_format);
 			if (ops->vidioc_s_fmt_sliced_vbi_cap)
 				ret = ops->vidioc_s_fmt_sliced_vbi_cap(file,
 									fh, f);
 			break;
 		case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT:
+			CLEAR_UNUSED_FIELDS(f, sliced_vbi_format);
 			if (ops->vidioc_s_fmt_sliced_vbi_out)
 				ret = ops->vidioc_s_fmt_sliced_vbi_out(file,
 									fh, f);

Re: [PATCH] v4l2: fill the unused fields with zeros in case of VIDIOC_S_FMT

[Trent Piepho]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: TEXT/PLAIN; charset=X-UNKNOWN, Size: 1238 bytes --]

On Sat, 25 Apr 2009, [UTF-8] Németh Márton wrote:
> The VIDIOC_S_FMT is a write-read ioctl: it sets the format and returns
> the current format in case of success. The parameter of VIDIOC_S_FMT
> ioctl is a pointer to struct v4l2_format. [1] This structure contains some
> fields which are not used depending on the .type value. These unused
> fields are filled with zeros with this patch.

It's a union, so it's not really the case the the fields are unused.  If
it's a non-private format, the structure will have some empty padding space
at the end of the structure after the last field for the format's type.
Since it's just padding space and there are no fields defined, I don't
think we have to clear it.

>  		struct v4l2_format *f = (struct v4l2_format *)arg;
>
> +#define CLEAR_UNUSED_FIELDS(data, last_member) \
> +	memset(((u8 *)f)+ \
> +		offsetof(struct v4l2_format, fmt)+ \
> +		sizeof(struct v4l2_ ## last_member), \
> +		0, \
> +		sizeof(*f)- \
> +		offsetof(struct v4l2_format, fmt)+ \
> +		sizeof(struct v4l2_ ## last_member))
> +

What is "data" used for?  The length in your memset is wrong.  You didn't
run this through "make patch" did you?  Because there are spacing/formatting
errors that that would have caught.

Re: [PATCH] v4l2: fill the unused fields with zeros in case of VIDIOC_S_FMT

[Németh Márton]

Trent Piepho wrote:
> On Sat, 25 Apr 2009, [UTF-8] Németh Márton wrote:
>> The VIDIOC_S_FMT is a write-read ioctl: it sets the format and returns
>> the current format in case of success. The parameter of VIDIOC_S_FMT
>> ioctl is a pointer to struct v4l2_format. [1] This structure contains some
>> fields which are not used depending on the .type value. These unused
>> fields are filled with zeros with this patch.
> 
> It's a union, so it's not really the case the the fields are unused.  If
> it's a non-private format, the structure will have some empty padding space
> at the end of the structure after the last field for the format's type.

Maybe I used the wrong word: my intention was to clear the unused padding bytes
at the end of the fmt union.

> Since it's just padding space and there are no fields defined, I don't
> think we have to clear it.

Think about a case when in a future kernel version one additional field
is defined for example for struct v4l2_pix_format. Then an application is
built with this extended structure. When the application runs on an older
kernel then this new field will be not touched by the older kernel in other
words the last field(s) of struct v4l2_pix_format will be uninitialized.

The other reason why I think is useful to fill the padding bytes with zero
is that this prevents doing dirty tricks between the application and the
driver, for example communicating through padding bytes in case of a
non-private format.

>>  		struct v4l2_format *f = (struct v4l2_format *)arg;
>>
>> +#define CLEAR_UNUSED_FIELDS(data, last_member) \
>> +	memset(((u8 *)f)+ \
>> +		offsetof(struct v4l2_format, fmt)+ \
>> +		sizeof(struct v4l2_ ## last_member), \
>> +		0, \
>> +		sizeof(*f)- \
>> +		offsetof(struct v4l2_format, fmt)+ \
>> +		sizeof(struct v4l2_ ## last_member))
>> +
> 
> What is "data" used for?  The length in your memset is wrong.  You didn't
> run this through "make patch" did you?  Because there are spacing/formatting
> errors that that would have caught.

Thank you for pointing out these problems. I'll send an update soon.

I don't know anything about "make patch", but I have run the
linux/scripts/checkpatch.pl against my patch and it found the patch OK.

Regards,

	Márton Németh

Re: [PATCH] v4l2: fill the unused fields with zeros in case of VIDIOC_S_FMT

[Németh Márton]

The VIDIOC_S_FMT is a write-read ioctl: it sets the format and returns
the current format in case of success. The parameter of VIDIOC_S_FMT
ioctl is a pointer to struct v4l2_format. [1] This structure contains
a fmt union so there are some padding bytes which are not used depending
on the .type value. These unused bytes are filled with zeros with this patch.

The patch was tested with v4l-test 0.12 [2] with vivi and with
gspca_sunplus driver together with Trust 610 LCD POWERC@M ZOOM.

References:
[1] V4L2 API specification, revision 0.24
    http://v4l2spec.bytesex.org/spec/r10944.htm

[2] v4l-test: Test environment for Video For Linux Two API
    http://v4l-test.sourceforge.net/

Signed-off-by: Márton Németh <nm127@freemail.hu>
---
--- linux/drivers/media/video/v4l2-ioctl.c.orig	2009-04-22 05:07:00.000000000 +0200
+++ linux/drivers/media/video/v4l2-ioctl.c	2009-04-26 06:29:20.000000000 +0200
@@ -777,44 +777,61 @@ static long __video_do_ioctl(struct file
 	{
 		struct v4l2_format *f = (struct v4l2_format *)arg;

+#define CLEAR_UNUSED_FIELDS(data, last_member) \
+	memset(((u8 *)data)+ \
+		offsetof(struct v4l2_format, fmt)+ \
+		sizeof(struct v4l2_ ## last_member), \
+		0, \
+		sizeof(*(data))- \
+		(offsetof(struct v4l2_format, fmt)+ \
+		sizeof(struct v4l2_ ## last_member)))
+
 		/* FIXME: Should be one dump per type */
 		dbgarg(cmd, "type=%s\n", prt_names(f->type, v4l2_type_names));

 		switch (f->type) {
 		case V4L2_BUF_TYPE_VIDEO_CAPTURE:
+			CLEAR_UNUSED_FIELDS(f, pix_format);
 			v4l_print_pix_fmt(vfd, &f->fmt.pix);
 			if (ops->vidioc_s_fmt_vid_cap)
 				ret = ops->vidioc_s_fmt_vid_cap(file, fh, f);
 			break;
 		case V4L2_BUF_TYPE_VIDEO_OVERLAY:
+			CLEAR_UNUSED_FIELDS(f, window);
 			if (ops->vidioc_s_fmt_vid_overlay)
 				ret = ops->vidioc_s_fmt_vid_overlay(file,
 								    fh, f);
 			break;
 		case V4L2_BUF_TYPE_VIDEO_OUTPUT:
+			CLEAR_UNUSED_FIELDS(f, pix_format);
 			v4l_print_pix_fmt(vfd, &f->fmt.pix);
 			if (ops->vidioc_s_fmt_vid_out)
 				ret = ops->vidioc_s_fmt_vid_out(file, fh, f);
 			break;
 		case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY:
+			CLEAR_UNUSED_FIELDS(f, window);
 			if (ops->vidioc_s_fmt_vid_out_overlay)
 				ret = ops->vidioc_s_fmt_vid_out_overlay(file,
 					fh, f);
 			break;
 		case V4L2_BUF_TYPE_VBI_CAPTURE:
+			CLEAR_UNUSED_FIELDS(f, vbi_format);
 			if (ops->vidioc_s_fmt_vbi_cap)
 				ret = ops->vidioc_s_fmt_vbi_cap(file, fh, f);
 			break;
 		case V4L2_BUF_TYPE_VBI_OUTPUT:
+			CLEAR_UNUSED_FIELDS(f, vbi_format);
 			if (ops->vidioc_s_fmt_vbi_out)
 				ret = ops->vidioc_s_fmt_vbi_out(file, fh, f);
 			break;
 		case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE:
+			CLEAR_UNUSED_FIELDS(f, sliced_vbi_format);
 			if (ops->vidioc_s_fmt_sliced_vbi_cap)
 				ret = ops->vidioc_s_fmt_sliced_vbi_cap(file,
 									fh, f);
 			break;
 		case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT:
+			CLEAR_UNUSED_FIELDS(f, sliced_vbi_format);
 			if (ops->vidioc_s_fmt_sliced_vbi_out)
 				ret = ops->vidioc_s_fmt_sliced_vbi_out(file,
 									fh, f);