From 1455fd856dbf6a576a6e896dfd0aa2ee818158f3 Mon Sep 17 00:00:00 2001 From: Hans Verkuil Date: Sun, 8 Mar 2009 14:35:23 +0100 Subject: v4l2-ioctl: fix partial-copy code. From: Hans Verkuil The code to optimize the usercopy only checked the ioctl NR field. However, this code is also called for non-V4L2 ioctls (either private or ioctls from linux/dvb/audio.h and linux/dvb/video.h for decoder drivers like ivtv). If such an ioctl has the same NR as a V4L2 ioctl, then disaster strikes. Modified the code to check on the full command ID. Thanks to Martin Dauskardt for tracing the ivtv breakage to this particular change. Priority: normal Signed-off-by: Hans Verkuil --- linux/drivers/media/video/v4l2-ioctl.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/linux/drivers/media/video/v4l2-ioctl.c b/linux/drivers/media/video/v4l2-ioctl.c index fa7d49482..21d93192d 100644 --- a/linux/drivers/media/video/v4l2-ioctl.c +++ b/linux/drivers/media/video/v4l2-ioctl.c @@ -1810,11 +1810,12 @@ static long __video_do_ioctl(struct file *file, static unsigned long cmd_input_size(unsigned int cmd) { /* Size of structure up to and including 'field' */ -#define CMDINSIZE(cmd, type, field) case _IOC_NR(VIDIOC_##cmd): return \ - offsetof(struct v4l2_##type, field) + \ - sizeof(((struct v4l2_##type *)0)->field); +#define CMDINSIZE(cmd, type, field) \ + case VIDIOC_##cmd: \ + return offsetof(struct v4l2_##type, field) + \ + sizeof(((struct v4l2_##type *)0)->field); - switch (_IOC_NR(cmd)) { + switch (cmd) { CMDINSIZE(ENUM_FMT, fmtdesc, type); CMDINSIZE(G_FMT, format, type); CMDINSIZE(QUERYBUF, buffer, type); -- cgit v1.2.3