msm: vidc: Initialize kernel space stack variables

This change initializes kernel space stack variables
that are passed between kernel space and user space
using ioctls.
Leaving these variables uninitialized may leak
stale memory values from the kernel stack to
user space.

Change-Id: Icb195470545ee48b55671ac09798610178e833e1
CRs-fixed: 556771,563420
Signed-off-by: Deepak Verma <dverma@codeaurora.org>
diff --git a/drivers/video/msm/vidc/common/dec/vdec.c b/drivers/video/msm/vidc/common/dec/vdec.c
index a843889..e74f2a6 100644
--- a/drivers/video/msm/vidc/common/dec/vdec.c
+++ b/drivers/video/msm/vidc/common/dec/vdec.c
@@ -1931,6 +1931,8 @@
 	case VDEC_IOCTL_SET_PICRES:
 	{
 		struct vdec_picsize video_resoultion;
+		memset((void *)&video_resoultion, 0,
+			sizeof(struct vdec_picsize));
 		DBG("VDEC_IOCTL_SET_PICRES\n");
 		if (copy_from_user(&vdec_msg, arg, sizeof(vdec_msg)))
 			return -EFAULT;
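Review bot: The added `memset((void *)&video_resoultion, 0, sizeof(struct vdec_picsize));` casts to `void *` and repeats the type name, and neither is needed; `memset(&video_resoultion, 0, sizeof(video_resoultion));` keeps the size tied to the variable if its type ever changes. Every memset this commit adds to vdec.c and venc.c uses the same form. Staying with memset rather than switching to `= {0}` is the right choice for structures that are later copied to user space, because an initializer is not guaranteed to clear padding bytes. The enclosing case block continues outside the hunk.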
@@ -1946,6 +1948,8 @@
 	case VDEC_IOCTL_GET_PICRES:
 	{
 		struct vdec_picsize video_resoultion;
+		memset((void *)&video_resoultion, 0,
+			sizeof(struct vdec_picsize));
 		DBG("VDEC_IOCTL_GET_PICRES\n");
 		if (copy_from_user(&vdec_msg, arg, sizeof(vdec_msg)))
 			return -EFAULT;
@@ -1969,6 +1973,10 @@
 		struct vdec_allocatorproperty vdec_buf_req;
 		struct vcd_buffer_requirement buffer_req;
 		DBG("VDEC_IOCTL_SET_BUFFER_REQ\n");
+		memset((void *)&vdec_buf_req, 0,
+			sizeof(struct vdec_allocatorproperty));
+		memset((void *)&buffer_req, 0,
+			sizeof(struct vcd_buffer_requirement));
 		if (copy_from_user(&vdec_msg, arg, sizeof(vdec_msg)))
 			return -EFAULT;
 
@@ -2018,6 +2026,8 @@
 	case VDEC_IOCTL_GET_BUFFER_REQ:
 	{
 		struct vdec_allocatorproperty vdec_buf_req;
+		memset((void *)&vdec_buf_req, 0,
+			sizeof(struct vdec_allocatorproperty));
 		DBG("VDEC_IOCTL_GET_BUFFER_REQ\n");
 		if (copy_from_user(&vdec_msg, arg, sizeof(vdec_msg)))
 			return -EFAULT;
@@ -2049,6 +2059,8 @@
 	case VDEC_IOCTL_SET_BUFFER:
 	{
 		struct vdec_setbuffer_cmd setbuffer;
+		memset((void *)&setbuffer, 0,
+			sizeof(struct vdec_setbuffer_cmd));
 		DBG("VDEC_IOCTL_SET_BUFFER\n");
 		if (copy_from_user(&vdec_msg, arg, sizeof(vdec_msg)))
 			return -EFAULT;
@@ -2063,6 +2075,8 @@
 	case VDEC_IOCTL_FREE_BUFFER:
 	{
 		struct vdec_setbuffer_cmd setbuffer;
+		memset((void *)&setbuffer, 0,
+			sizeof(struct vdec_setbuffer_cmd));
 		DBG("VDEC_IOCTL_FREE_BUFFER\n");
 		if (copy_from_user(&vdec_msg, arg, sizeof(vdec_msg)))
 			return -EFAULT;
@@ -2112,6 +2126,8 @@
 		struct vdec_input_frameinfo input_frame_info;
 		u8 *desc_buf = NULL;
 		u32 desc_size = 0;
+		memset((void *)&input_frame_info, 0,
+			sizeof(struct vdec_input_frameinfo));
 		DBG("VDEC_IOCTL_DECODE_FRAME\n");
 		if (copy_from_user(&vdec_msg, arg, sizeof(vdec_msg)))
 			return -EFAULT;
@@ -2146,7 +2162,7 @@
 	}
 	case VDEC_IOCTL_GET_PERF_LEVEL:
 	{
-		u32 curr_perf_level;
+		u32 curr_perf_level = 0;
 		if (copy_from_user(&vdec_msg, arg, sizeof(vdec_msg)))
 			return -EFAULT;
 		result = vid_dec_get_curr_perf_level(client_ctx,
@@ -2171,6 +2187,8 @@
 	case VDEC_IOCTL_FILL_OUTPUT_BUFFER:
 	{
 		struct vdec_fillbuffer_cmd fill_buffer_cmd;
+		memset((void *)&fill_buffer_cmd, 0,
+			sizeof(struct vdec_fillbuffer_cmd));
 		DBG("VDEC_IOCTL_FILL_OUTPUT_BUFFER\n");
 		if (copy_from_user(&vdec_msg, arg, sizeof(vdec_msg)))
 			return -EFAULT;
@@ -2200,6 +2218,8 @@
 	case VDEC_IOCTL_GET_NEXT_MSG:
 	{
 		struct vdec_msginfo vdec_msg_info;
+		memset((void *)&vdec_msg_info, 0,
+			sizeof(struct vdec_msginfo));
 		DBG("VDEC_IOCTL_GET_NEXT_MSG\n");
 		if (copy_from_user(&vdec_msg, arg, sizeof(vdec_msg)))
 			return -EFAULT;
@@ -2223,6 +2243,10 @@
 		struct vdec_seqheader seq_header;
 		struct vcd_sequence_hdr vcd_seq_hdr;
 		unsigned long ionflag;
+		memset((void *)&seq_header, 0,
+			sizeof(struct vdec_seqheader));
+		memset((void *)&vcd_seq_hdr, 0,
+			sizeof(struct vcd_sequence_hdr));
 		DBG("VDEC_IOCTL_SET_SEQUENCE_HEADER\n");
 		if (copy_from_user(&vdec_msg, arg, sizeof(vdec_msg))) {
 			ERR("Copy from user vdec_msg failed\n");
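Review bot: `unsigned long ionflag;` is still declared without an initial value in this block, while the two structures next to it are now zeroed. Whether it can be read before it is assigned depends on code outside the hunk, so either confirm that every path assigns it first or write `unsigned long ionflag = 0;`, in line with the scalars this commit initialises in other cases. The case block starts and ends outside the hunk.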
@@ -2330,7 +2354,7 @@
 	}
 	case VDEC_IOCTL_GET_INTERLACE_FORMAT:
 	{
-		u32 progressive_only, interlace_format;
+		u32 progressive_only = 0, interlace_format = 0;
 		DBG("VDEC_IOCTL_GET_INTERLACE_FORMAT\n");
 		if (copy_from_user(&vdec_msg, arg, sizeof(vdec_msg)))
 			return -EFAULT;
@@ -2350,7 +2374,7 @@
 
 	case VDEC_IOCTL_GET_ENABLE_SEC_METADATA:
 	{
-		u32 enable_sec_metadata;
+		u32 enable_sec_metadata = 0;
 		DBG("VDEC_IOCTL_GET_ENABLE_SEC_METADATA\n");
 		if (copy_from_user(&vdec_msg, arg, sizeof(vdec_msg)))
 			return -EFAULT;
@@ -2367,7 +2391,7 @@
 
 	case VDEC_IOCTL_GET_DISABLE_DMX_SUPPORT:
 	{
-		u32 disable_dmx;
+		u32 disable_dmx = 0;
 		DBG("VDEC_IOCTL_GET_DISABLE_DMX_SUPPORT\n");
 		if (copy_from_user(&vdec_msg, arg, sizeof(vdec_msg)))
 			return -EFAULT;
@@ -2383,7 +2407,7 @@
 	}
 	case VDEC_IOCTL_GET_DISABLE_DMX:
 	{
-		u32 disable_dmx;
+		u32 disable_dmx = 0;
 		DBG("VDEC_IOCTL_GET_DISABLE_DMX\n");
 		if (copy_from_user(&vdec_msg, arg, sizeof(vdec_msg)))
 			return -EFAULT;
@@ -2408,7 +2432,7 @@
 	}
 	case VDEC_IOCTL_SET_PICTURE_ORDER:
 	{
-		u32 picture_order;
+		u32 picture_order = 0;
 		DBG("VDEC_IOCTL_SET_PICTURE_ORDER\n");
 		if (copy_from_user(&vdec_msg, arg, sizeof(vdec_msg)))
 			return -EFAULT;
@@ -2423,6 +2447,8 @@
 	case VDEC_IOCTL_SET_FRAME_RATE:
 	{
 		struct vdec_framerate frame_rate;
+		memset((void *)&frame_rate, 0,
+			sizeof(struct vdec_framerate));
 		DBG("VDEC_IOCTL_SET_FRAME_RATE\n");
 		if (copy_from_user(&vdec_msg, arg, sizeof(vdec_msg)))
 			return -EFAULT;
@@ -2436,7 +2462,7 @@
 	}
 	case VDEC_IOCTL_SET_EXTRADATA:
 	{
-		u32 extradata_flag;
+		u32 extradata_flag = 0;
 		DBG("VDEC_IOCTL_SET_EXTRADATA\n");
 		if (copy_from_user(&vdec_msg, arg, sizeof(vdec_msg)))
 			return -EFAULT;
@@ -2451,6 +2477,8 @@
 	case VDEC_IOCTL_SET_META_BUFFERS:
 	{
 		struct vdec_meta_buffers meta_buffers;
+		memset((void *)&meta_buffers, 0,
+			sizeof(struct vdec_meta_buffers));
 		DBG("VDEC_IOCTL_SET_META_BUFFERS\n");
 		if (copy_from_user(&vdec_msg, arg, sizeof(vdec_msg)))
 			return -EFAULT;
@@ -2481,6 +2509,8 @@
 	case VDEC_IOCTL_SET_H264_MV_BUFFER:
 	{
 		struct vdec_h264_mv mv_data;
+		memset((void *)&mv_data, 0,
+			sizeof(struct vdec_h264_mv));
 		DBG("VDEC_IOCTL_SET_H264_MV_BUFFER\n");
 		if (copy_from_user(&vdec_msg, arg, sizeof(vdec_msg)))
 			return -EFAULT;
@@ -2504,6 +2534,8 @@
 	case VDEC_IOCTL_GET_MV_BUFFER_SIZE:
 	{
 		struct vdec_mv_buff_size mv_buff;
+		memset((void *)&mv_buff, 0,
+			sizeof(struct vdec_mv_buff_size));
 		DBG("VDEC_IOCTL_GET_MV_BUFFER_SIZE\n");
 		if (copy_from_user(&vdec_msg, arg, sizeof(vdec_msg)))
 			return -EFAULT;
diff --git a/drivers/video/msm/vidc/common/enc/venc.c b/drivers/video/msm/vidc/common/enc/venc.c
index 8715d9c..591126c 100644
--- a/drivers/video/msm/vidc/common/enc/venc.c
+++ b/drivers/video/msm/vidc/common/enc/venc.c
@@ -868,6 +868,7 @@
 	case VEN_IOCTL_CMD_READ_NEXT_MSG:
 	{
 		struct venc_msg cb_msg;
+		memset((void *)&cb_msg, 0, sizeof(struct venc_msg));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 		DBG("VEN_IOCTL_CMD_READ_NEXT_MSG\n");
@@ -889,6 +890,7 @@
 	case VEN_IOCTL_CMD_FILL_OUTPUT_BUFFER:
 	{
 		struct venc_buffer enc_buffer;
+		memset((void *)&enc_buffer, 0, sizeof(struct venc_buffer));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 		DBG("VEN_IOCTL_CMD_ENCODE_FRAME"
@@ -914,6 +916,8 @@
 	{
 		enum venc_buffer_dir buffer_dir;
 		struct venc_bufferpayload buffer_info;
+		memset((void *)&buffer_info, 0,
+			sizeof(struct venc_bufferpayload));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 		DBG("VEN_IOCTL_SET_INPUT_BUFFER/VEN_IOCTL_SET_OUTPUT_BUFFER\n");
@@ -937,6 +941,8 @@
 	{
 		enum venc_buffer_dir buffer_dir;
 		struct venc_bufferpayload buffer_info;
+		memset((void *)&buffer_info, 0,
+			sizeof(struct venc_bufferpayload));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 
@@ -964,6 +970,8 @@
 	case VEN_IOCTL_SET_OUTPUT_BUFFER_REQ:
 	{
 		struct venc_allocatorproperty allocatorproperty;
+		memset((void *)&allocatorproperty, 0,
+			sizeof(struct venc_allocatorproperty));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 
@@ -991,6 +999,8 @@
 	case VEN_IOCTL_GET_OUTPUT_BUFFER_REQ:
 	{
 		struct venc_allocatorproperty allocatorproperty;
+		memset((void *)&allocatorproperty, 0,
+			sizeof(struct venc_allocatorproperty));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 
@@ -1013,6 +1023,8 @@
 	case VEN_IOCTL_CMD_FLUSH:
 	{
 		struct venc_bufferflush bufferflush;
+		memset((void *)&bufferflush, 0,
+			sizeof(struct venc_bufferflush));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 
@@ -1075,6 +1087,8 @@
 	case VEN_IOCTL_SET_RECON_BUFFER:
 	{
 		struct venc_recon_addr venc_recon;
+		memset((void *)&venc_recon, 0,
+			sizeof(struct venc_recon_addr));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 		DBG("VEN_IOCTL_SET_RECON_BUFFER\n");
@@ -1092,6 +1106,8 @@
 	case VEN_IOCTL_FREE_RECON_BUFFER:
 	{
 		struct venc_recon_addr venc_recon;
+		memset((void *)&venc_recon, 0,
+			sizeof(struct venc_recon_addr));
 		DBG("VEN_IOCTL_FREE_RECON_BUFFER\n");
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
@@ -1109,6 +1125,8 @@
 	case VEN_IOCTL_GET_RECON_BUFFER_SIZE:
 	{
 		struct venc_recon_buff_size venc_recon_size;
+		memset((void *)&venc_recon_size, 0,
+			sizeof(struct venc_recon_buff_size));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 		DBG("VEN_IOCTL_GET_RECON_BUFFER_SIZE\n");
@@ -1132,6 +1150,8 @@
 	case VEN_IOCTL_GET_QP_RANGE:
 	{
 		struct venc_qprange qprange;
+		memset((void *)&qprange, 0,
+			sizeof(struct venc_qprange));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 		DBG("VEN_IOCTL_G(S)ET_QP_RANGE\n");
@@ -1160,6 +1180,8 @@
 	case VEN_IOCTL_GET_HEC:
 	{
 		struct venc_headerextension headerextension;
+		memset((void *)&headerextension, 0,
+			sizeof(struct venc_headerextension));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 		DBG("VEN_IOCTL_(G)SET_HEC\n");
@@ -1190,6 +1212,8 @@
 	case VEN_IOCTL_GET_TARGET_BITRATE:
 	{
 		struct venc_targetbitrate targetbitrate;
+		memset((void *)&targetbitrate, 0,
+			sizeof(struct venc_targetbitrate));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 		DBG("VEN_IOCTL_(G)SET_TARGET_BITRATE\n");
@@ -1219,6 +1243,8 @@
 	case VEN_IOCTL_GET_FRAME_RATE:
 	{
 		struct venc_framerate framerate;
+		memset((void *)&framerate, 0,
+			sizeof(struct venc_framerate));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 		DBG("VEN_IOCTL_(G)SET_FRAME_RATE\n");
@@ -1248,6 +1274,8 @@
 	case VEN_IOCTL_GET_VOP_TIMING_CFG:
 	{
 		struct venc_voptimingcfg voptimingcfg;
+		memset((void *)&voptimingcfg, 0,
+			sizeof(struct venc_voptimingcfg));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 
@@ -1277,6 +1305,8 @@
 	case VEN_IOCTL_GET_RATE_CTRL_CFG:
 	{
 		struct venc_ratectrlcfg ratectrlcfg;
+		memset((void *)&ratectrlcfg, 0,
+			sizeof(struct venc_ratectrlcfg));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 		DBG("VEN_IOCTL_(G)SET_RATE_CTRL_CFG\n");
@@ -1306,6 +1336,8 @@
 	case VEN_IOCTL_GET_MULTI_SLICE_CFG:
 	{
 		struct venc_multiclicecfg multiclicecfg;
+		memset((void *)&multiclicecfg, 0,
+			sizeof(struct venc_multiclicecfg));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 		DBG("VEN_IOCTL_(G)SET_MULTI_SLICE_CFG\n");
@@ -1335,6 +1367,8 @@
 	case VEN_IOCTL_GET_INTRA_REFRESH:
 	{
 		struct venc_intrarefresh intrarefresh;
+		memset((void *)&intrarefresh, 0,
+			sizeof(struct venc_intrarefresh));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 		DBG("VEN_IOCTL_(G)SET_INTRA_REFRESH\n");
@@ -1363,6 +1397,8 @@
 	case VEN_IOCTL_GET_DEBLOCKING_CFG:
 	{
 		struct venc_dbcfg dbcfg;
+		memset((void *)&dbcfg, 0,
+			sizeof(struct venc_dbcfg));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 
@@ -1392,6 +1428,8 @@
 	case VEN_IOCTL_GET_ENTROPY_CFG:
 	{
 		struct venc_entropycfg entropy_cfg;
+		memset((void *)&entropy_cfg, 0,
+			sizeof(struct venc_entropycfg));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 		DBG("VEN_IOCTL_(G)SET_ENTROPY_CFG\n");
@@ -1419,6 +1457,8 @@
 	case VEN_IOCTL_GET_SEQUENCE_HDR:
 	{
 		struct venc_seqheader seq_header;
+		memset((void *)&seq_header, 0,
+			sizeof(struct venc_seqheader));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 
@@ -1461,6 +1501,8 @@
 	case VEN_IOCTL_GET_INTRA_PERIOD:
 	{
 		struct venc_intraperiod intraperiod;
+		memset((void *)&intraperiod, 0,
+			sizeof(struct venc_intraperiod));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 		DBG("VEN_IOCTL_(G)SET_INTRA_PERIOD\n");
@@ -1489,6 +1531,8 @@
 	case VEN_IOCTL_GET_SESSION_QP:
 	{
 		struct venc_sessionqp session_qp;
+		memset((void *)&session_qp, 0,
+			sizeof(struct venc_sessionqp));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 		DBG("VEN_IOCTL_(G)SET_SESSION_QP\n");
@@ -1517,6 +1561,8 @@
 	case VEN_IOCTL_GET_PROFILE_LEVEL:
 	{
 		struct ven_profilelevel profile_level;
+		memset((void *)&profile_level, 0,
+			sizeof(struct ven_profilelevel));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 
@@ -1546,6 +1592,8 @@
 	case VEN_IOCTL_GET_CODEC_PROFILE:
 	{
 		struct venc_profile profile;
+		memset((void *)&profile, 0,
+			sizeof(struct venc_profile));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 
@@ -1575,6 +1623,8 @@
 	case VEN_IOCTL_GET_SHORT_HDR:
 	{
 		struct venc_switch encoder_switch;
+		memset((void *)&encoder_switch, 0,
+			sizeof(struct venc_switch));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 		DBG("Getting VEN_IOCTL_(G)SET_SHORT_HDR\n");
@@ -1604,6 +1654,8 @@
 	case VEN_IOCTL_GET_BASE_CFG:
 	{
 		struct venc_basecfg base_config;
+		memset((void *)&base_config, 0,
+			sizeof(struct venc_basecfg));
 		DBG("VEN_IOCTL_SET_BASE_CFG\n");
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
@@ -1632,6 +1684,8 @@
 	case VEN_IOCTL_GET_LIVE_MODE:
 	{
 		struct venc_switch encoder_switch;
+		memset((void *)&encoder_switch, 0,
+			sizeof(struct venc_switch));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 
@@ -1669,9 +1723,11 @@
 	}
 	case VEN_IOCTL_SET_METABUFFER_MODE:
 	{
-		u32 metabuffer_mode, vcd_status;
+		u32 metabuffer_mode = 0, vcd_status = 0;
 		struct vcd_property_hdr vcd_property_hdr;
 		struct vcd_property_live live_mode;
+		memset((void *)&live_mode, 0,
+			sizeof(struct vcd_property_live));
 
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
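Review bot: `struct vcd_property_hdr vcd_property_hdr;` stays uninitialised in this block even though `live_mode`, declared right after it, is now zeroed. This is harmless if all of its fields are assigned before it is used, but that code is outside the hunk; adding `memset(&vcd_property_hdr, 0, sizeof(vcd_property_hdr));` would make the block uniform. The same applies to the `vcd_property_hdr` in the later hunk that zeroes `vcd_property_val`, where only `prop_id` and `sz` are visibly set.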
@@ -1693,7 +1749,7 @@
 	case VEN_IOCTL_SET_EXTRADATA:
 	case VEN_IOCTL_GET_EXTRADATA:
 	{
-		u32 extradata_flag;
+		u32 extradata_flag = 0;
 		DBG("VEN_IOCTL_(G)SET_EXTRADATA\n");
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
@@ -1738,6 +1794,8 @@
 		struct vcd_property_sps_pps_for_idr_enable idr_enable;
 		u32 vcd_status = VCD_ERR_FAIL;
 		u32 enabled = 1;
+		memset((void *)&idr_enable, 0,
+			sizeof(struct vcd_property_sps_pps_for_idr_enable));
 
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
@@ -1761,8 +1819,10 @@
 	{
 		struct vcd_property_hdr vcd_property_hdr;
 		struct vcd_property_bitstream_restrict_enable vcd_property_val;
-		u32 vcd_status = VCD_ERR_FAIL;
 
+		u32 vcd_status = VCD_ERR_FAIL;
+		memset((void *)&vcd_property_val, 0,
+			sizeof(struct vcd_property_bitstream_restrict_enable));
 		vcd_property_hdr.prop_id =
 			VCD_I_ENABLE_VUI_BITSTREAM_RESTRICT_FLAG;
 		vcd_property_hdr.sz = sizeof(struct
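Review bot: The declaration of `vcd_status` is moved below the blank line for no functional reason, which leaves a blank line inside the declaration list and the new memset directly against the last declaration. Keeping `u32 vcd_status = VCD_ERR_FAIL;` where it was and putting the memset after the blank line gives a smaller diff and the usual declarations-then-statements layout. The statement beginning `vcd_property_hdr.sz = sizeof(struct` is cut off at the end of the hunk.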
@@ -1780,7 +1840,7 @@
 	}
 	case VEN_IOCTL_GET_PERF_LEVEL:
 	{
-		u32 curr_perf_level;
+		u32 curr_perf_level = 0;
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 		result = vid_enc_get_curr_perf_level(client_ctx,
@@ -1800,6 +1860,8 @@
 	case VEN_IOCTL_GET_LTRMODE:
 	{
 		struct venc_ltrmode encoder_ltrmode;
+		memset((void *)&encoder_ltrmode, 0,
+			sizeof(struct venc_ltrmode));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 		if (cmd == VEN_IOCTL_SET_LTRMODE) {
@@ -1829,6 +1891,8 @@
 	case VEN_IOCTL_GET_LTRCOUNT:
 	{
 		struct venc_ltrcount encoder_ltrcount;
+		memset((void *)&encoder_ltrcount, 0,
+			sizeof(struct venc_ltrcount));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 		if (cmd == VEN_IOCTL_SET_LTRCOUNT) {
@@ -1859,6 +1923,8 @@
 	case VEN_IOCTL_GET_LTRPERIOD:
 	{
 		struct venc_ltrperiod encoder_ltrperiod;
+		memset((void *)&encoder_ltrperiod, 0,
+			sizeof(struct venc_ltrperiod));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 		if (cmd == VEN_IOCTL_SET_LTRPERIOD) {
@@ -1888,6 +1954,8 @@
 	case VEN_IOCTL_GET_CAPABILITY_LTRCOUNT:
 	{
 		struct venc_range venc_capltrcount;
+		memset((void *)&venc_capltrcount, 0,
+			sizeof(struct venc_range));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 			DBG("VEN_IOCTL_GET_CAPABILITY_LTRCOUNT\n");
@@ -1907,6 +1975,8 @@
 	case VEN_IOCTL_GET_LTRUSE:
 	{
 		struct venc_ltruse encoder_ltruse;
+		memset((void *)&encoder_ltruse, 0,
+			sizeof(struct venc_ltruse));
 		if (copy_from_user(&venc_msg, arg, sizeof(venc_msg)))
 			return -EFAULT;
 		if (cmd == VEN_IOCTL_SET_LTRUSE) {
diff --git a/drivers/video/msm/vidc/common/enc/venc_internal.c b/drivers/video/msm/vidc/common/enc/venc_internal.c
index 364d590..ddad23a 100644
--- a/drivers/video/msm/vidc/common/enc/venc_internal.c
+++ b/drivers/video/msm/vidc/common/enc/venc_internal.c
@@ -971,7 +971,7 @@
 	vcd_property_hdr.sz =
 		sizeof(struct vcd_property_entropy_control);
 	if (set_flag) {
-		switch (entropy_cfg->longentropysel) {
+		switch (entropy_cfg->entropysel) {
 		case VEN_ENTROPY_MODEL_CAVLC:
 			control.entropy_sel = VCD_ENTROPY_SEL_CAVLC;
 			break;
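Review bot: Reading `entropy_cfg->entropysel` here depends on the header change in this commit, which renames `longentropysel` and changes it from `unsigned` to `unsigned long`. The commit message mentions neither that nor the getter in the next hunk now writing `entropysel` instead of `cabacmodel`. `struct venc_entropycfg` appears to be an ioctl payload (see the VEN_IOCTL_GET_ENTROPY_CFG case in venc.c), so the rename breaks user-space source that still uses the old field name, and the field's width now depends on the word size of the build. A fixed-width type such as `__u32` would keep the layout identical for 32-bit and 64-bit callers, if changing the layout is acceptable. Because the caller now zeroes `entropy_cfg`, also confirm that the get path fills `cabacmodel` somewhere outside these hunks, since it would otherwise be returned as 0.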
@@ -1024,11 +1024,11 @@
 		} else {
 			switch (control.entropy_sel) {
 			case VCD_ENTROPY_SEL_CABAC:
-				entropy_cfg->cabacmodel =
+				entropy_cfg->entropysel =
 					VEN_ENTROPY_MODEL_CABAC;
 				break;
 			case VCD_ENTROPY_SEL_CAVLC:
-				entropy_cfg->cabacmodel =
+				entropy_cfg->entropysel =
 					VEN_ENTROPY_MODEL_CAVLC;
 				break;
 			default:
diff --git a/include/linux/msm_vidc_enc.h b/include/linux/msm_vidc_enc.h
index 6c7ceec..e4f973f 100644
--- a/include/linux/msm_vidc_enc.h
+++ b/include/linux/msm_vidc_enc.h
@@ -607,7 +607,7 @@
 };
 
 struct venc_entropycfg{
-	unsigned longentropysel;
+	unsigned long	entropysel;
 	unsigned long	cabacmodel;
 };