The active and has_no_links arrays will overrun in media_entity_pipeline_start() if there's an entity which has more than MEDIA_ENTITY_MAX_PAD pads. Ensure in media_entity_init() that there are fewer pads than that.
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
---
Hi Mauro,
Could you apply this before "media-entity.c: get rid of var length arrays", please?
Regards, Sakari
 drivers/media/media-entity.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/drivers/media/media-entity.c b/drivers/media/media-entity.c index 064020d..66b8db0 100644 --- a/drivers/media/media-entity.c +++ b/drivers/media/media-entity.c @@ -241,6 +241,9 @@ media_entity_init(struct media_entity *entity, u16 num_pads, struct media_device *mdev = entity->graph_obj.mdev; unsigned int i;
+ if (num_pads >= MEDIA_ENTITY_MAX_PADS) + return -E2BIG; + entity->group_id = 0; entity->num_links = 0; entity->num_backlinks = 0;
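Review bot: the bound in the added check at the top of media_entity_init() looks off by one relative to the commit message. `if (num_pads >= MEDIA_ENTITY_MAX_PADS)` also rejects an entity with exactly MEDIA_ENTITY_MAX_PADS pads, whereas the message describes the overrun as happening only when an entity has more than that many pads. If the active and has_no_links arrays hold MEDIA_ENTITY_MAX_PADS entries, `num_pads > MEDIA_ENTITY_MAX_PADS` is the tightest safe check. If the stricter limit is deliberate, the message should say why. Placing the return before any entity field is written is right, since a rejected entity is left untouched. Because -E2BIG is a new failure path for this function, it deserves a line in the function's documentation so that callers check the return value.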