From 78a9585ad0b1d110d7fc1e47da8f94b04fc81d70 Mon Sep 17 00:00:00 2001 From: Akshat Sinha Date: Sun, 21 Sep 2025 17:44:08 +0530 Subject: [PATCH 1/2] ddi: fix wrong sizeof when zeroing DecodeStatusReportData --- media_driver/linux/common/codec/ddi/media_libva_decoder.cpp | 2 +- .../linux/common/codec/ddi/dec/ddi_decode_functions.cpp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/media_driver/linux/common/codec/ddi/media_libva_decoder.cpp b/media_driver/linux/common/codec/ddi/media_libva_decoder.cpp index ad161b7c24..c4db180659 100755 --- a/media_driver/linux/common/codec/ddi/media_libva_decoder.cpp +++ b/media_driver/linux/common/codec/ddi/media_libva_decoder.cpp @@ -477,7 +477,7 @@ VAStatus DdiDecode_StatusReport(PDDI_MEDIA_CONTEXT mediaCtx, DecodePipelineAdapt for (uint32_t i = 0; i < uNumCompletedReport; i++) { decode::DecodeStatusReportData tempNewReport; - MOS_ZeroMemory(&tempNewReport, sizeof(CodechalDecodeStatusReport)); + MOS_ZeroMemory(&tempNewReport, sizeof(tempNewReport)); MOS_STATUS eStatus = decoder->GetStatusReport(&tempNewReport, 1); DDI_CHK_CONDITION(MOS_STATUS_SUCCESS != eStatus, "Get status report fail", VA_STATUS_ERROR_OPERATION_FAILED); diff --git a/media_softlet/linux/common/codec/ddi/dec/ddi_decode_functions.cpp b/media_softlet/linux/common/codec/ddi/dec/ddi_decode_functions.cpp index 23fe5ba3e2..2f468e281d 100644 --- a/media_softlet/linux/common/codec/ddi/dec/ddi_decode_functions.cpp +++ b/media_softlet/linux/common/codec/ddi/dec/ddi_decode_functions.cpp @@ -1054,7 +1054,7 @@ VAStatus DdiDecodeFunctions::StatusReport( for (uint32_t i = 0; i < uNumCompletedReport; i++) { DecodeStatusReportData tempNewReport; - MOS_ZeroMemory(&tempNewReport, sizeof(CodechalDecodeStatusReport)); + MOS_ZeroMemory(&tempNewReport, sizeof(tempNewReport)); MOS_STATUS eStatus = decoder->GetStatusReport(&tempNewReport, 1); DDI_CODEC_CHK_CONDITION(MOS_STATUS_SUCCESS != eStatus, "Get status report fail", VA_STATUS_ERROR_OPERATION_FAILED); From 1e41a29c782cf8982cd90b02b2782bb2306514d8 Mon Sep 17 00:00:00 2001 From: Akshat Sinha Date: Sun, 21 Sep 2025 18:15:44 +0530 Subject: [PATCH 2/2] bufmgr: use off_t for lseek result in PRIME import toavoid 64-bit Truncation --- media_softlet/linux/common/os/i915/mos_bufmgr.c | 8 ++++---- .../linux/common/os/i915_production/mos_bufmgr.c | 8 +++----- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/media_softlet/linux/common/os/i915/mos_bufmgr.c b/media_softlet/linux/common/os/i915/mos_bufmgr.c index bca411be7e..62651c4283 100644 --- a/media_softlet/linux/common/os/i915/mos_bufmgr.c +++ b/media_softlet/linux/common/os/i915/mos_bufmgr.c @@ -3501,11 +3501,11 @@ mos_gem_bo_create_from_prime(struct mos_bufmgr *bufmgr, struct mos_drm_bo_alloc_ * later, we can lseek on the prime fd to get the size. Older * kernels will just fail, in which case we fall back to the * provided (estimated or guess size). */ - ret = lseek(prime_fd, 0, SEEK_END); - if (ret != -1) - bo_gem->bo.size = ret; + off_t sz =lseek(prime_fd,0,SEEK_END); + if(sz>= 0) + bo_gem->bo.size=(unsigned long)sz; else - bo_gem->bo.size = size; + bo_gem->bo.size = (unsigned long)size; bo_gem->bo.handle = handle; bo_gem->bo.bufmgr = bufmgr; diff --git a/media_softlet/linux/common/os/i915_production/mos_bufmgr.c b/media_softlet/linux/common/os/i915_production/mos_bufmgr.c index b3a9144ede..d114ae5f04 100644 --- a/media_softlet/linux/common/os/i915_production/mos_bufmgr.c +++ b/media_softlet/linux/common/os/i915_production/mos_bufmgr.c @@ -3493,11 +3493,10 @@ mos_gem_bo_create_from_prime(struct mos_bufmgr *bufmgr, struct mos_drm_bo_alloc_ * later, we can lseek on the prime fd to get the size. Older * kernels will just fail, in which case we fall back to the * provided (estimated or guess size). */ - ret = lseek(prime_fd, 0, SEEK_END); - if (ret != -1) - bo_gem->bo.size = ret; + off_t sz=lseek(prime_fd,0, SEEK_END); + if(sz>=0) bo_gem->bo.size=(unsigned long)sz; else - bo_gem->bo.size = size; + bo_gem->bo.size=(unsigned long)size; bo_gem->bo.handle = handle; bo_gem->bo.bufmgr = bufmgr; @@ -3505,7 +3504,6 @@ mos_gem_bo_create_from_prime(struct mos_bufmgr *bufmgr, struct mos_drm_bo_alloc_ bo_gem->gem_handle = handle; atomic_set(&bo_gem->refcount, 1); - bo_gem->name = alloc_prime->name; bo_gem->validate_index = -1; bo_gem->reloc_tree_fences = 0;