| Message ID | 4800f277368eb6cc6099eb622988588e5a5de9ae.1544182979.git.mchehab+samsung@kernel.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | media: imx214: don't de-reference a NULL pointer | expand |
On 12/7/18 12:43 PM, Mauro Carvalho Chehab wrote: > As warned by smatch: > drivers/media/i2c/imx214.c:591 imx214_set_format() warn: variable dereferenced before check 'format' (see line 589) > > It turns that the code at imx214_set_format() has support for being > called with the format being NULL. I've no idea why, as it is only > called internally with the pointer set, and via subdev API (with > should also set it). > > Also, the entire logic there depends on having format != NULL, so > just remove the bogus broken support for a null format. > > Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org> Reviewed-by: Hans Verkuil <hverkuil-cisco@xs4all.nl> Regards, Hans > --- > drivers/media/i2c/imx214.c | 10 ++++------ > 1 file changed, 4 insertions(+), 6 deletions(-) > > diff --git a/drivers/media/i2c/imx214.c b/drivers/media/i2c/imx214.c > index ec3d1b855f62..b046a26219a4 100644 > --- a/drivers/media/i2c/imx214.c > +++ b/drivers/media/i2c/imx214.c > @@ -588,12 +588,10 @@ static int imx214_set_format(struct v4l2_subdev *sd, > > __crop = __imx214_get_pad_crop(imx214, cfg, format->pad, format->which); > > - if (format) > - mode = v4l2_find_nearest_size(imx214_modes, > - ARRAY_SIZE(imx214_modes), width, height, > - format->format.width, format->format.height); > - else > - mode = &imx214_modes[0]; > + mode = v4l2_find_nearest_size(imx214_modes, > + ARRAY_SIZE(imx214_modes), width, height, > + format->format.width, > + format->format.height); > > __crop->width = mode->width; > __crop->height = mode->height; >
Hi Mauro, Hi Hans Thanks for taking a look at this. On Wed, Dec 12, 2018 at 6:55 PM Hans Verkuil <hverkuil-cisco@xs4all.nl> wrote: > > On 12/7/18 12:43 PM, Mauro Carvalho Chehab wrote: > > As warned by smatch: > > drivers/media/i2c/imx214.c:591 imx214_set_format() warn: variable dereferenced before check 'format' (see line 589) > > > > It turns that the code at imx214_set_format() has support for being > > called with the format being NULL. I've no idea why, as it is only > > called internally with the pointer set, and via subdev API (with > > should also set it). > > > > Also, the entire logic there depends on having format != NULL, so > > just remove the bogus broken support for a null format. I believe it is a relic for when I did not use imx214_entity_init_cfg. Sorry about that. > > > > Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org> > > Reviewed-by: Hans Verkuil <hverkuil-cisco@xs4all.nl> > Reviewed-by: Ricardo Ribalda Delgado <ricardo@ribalda.com> Best Regards > Regards, > > Hans > > > --- > > drivers/media/i2c/imx214.c | 10 ++++------ > > 1 file changed, 4 insertions(+), 6 deletions(-) > > > > diff --git a/drivers/media/i2c/imx214.c b/drivers/media/i2c/imx214.c > > index ec3d1b855f62..b046a26219a4 100644 > > --- a/drivers/media/i2c/imx214.c > > +++ b/drivers/media/i2c/imx214.c > > @@ -588,12 +588,10 @@ static int imx214_set_format(struct v4l2_subdev *sd, > > > > __crop = __imx214_get_pad_crop(imx214, cfg, format->pad, format->which); > > > > - if (format) > > - mode = v4l2_find_nearest_size(imx214_modes, > > - ARRAY_SIZE(imx214_modes), width, height, > > - format->format.width, format->format.height); > > - else > > - mode = &imx214_modes[0]; > > + mode = v4l2_find_nearest_size(imx214_modes, > > + ARRAY_SIZE(imx214_modes), width, height, > > + format->format.width, > > + format->format.height); > > > > __crop->width = mode->width; > > __crop->height = mode->height; > > >
diff --git a/drivers/media/i2c/imx214.c b/drivers/media/i2c/imx214.c index ec3d1b855f62..b046a26219a4 100644 --- a/drivers/media/i2c/imx214.c +++ b/drivers/media/i2c/imx214.c @@ -588,12 +588,10 @@ static int imx214_set_format(struct v4l2_subdev *sd, __crop = __imx214_get_pad_crop(imx214, cfg, format->pad, format->which); - if (format) - mode = v4l2_find_nearest_size(imx214_modes, - ARRAY_SIZE(imx214_modes), width, height, - format->format.width, format->format.height); - else - mode = &imx214_modes[0]; + mode = v4l2_find_nearest_size(imx214_modes, + ARRAY_SIZE(imx214_modes), width, height, + format->format.width, + format->format.height); __crop->width = mode->width; __crop->height = mode->height;
As warned by smatch: drivers/media/i2c/imx214.c:591 imx214_set_format() warn: variable dereferenced before check 'format' (see line 589) It turns that the code at imx214_set_format() has support for being called with the format being NULL. I've no idea why, as it is only called internally with the pointer set, and via subdev API (with should also set it). Also, the entire logic there depends on having format != NULL, so just remove the bogus broken support for a null format. Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org> --- drivers/media/i2c/imx214.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-)