[bug report] media: atomisp: add NULL check for asd obtained from atomisp_video_pipe

[bug report] media: atomisp: add NULL check for asd obtained from atomisp_video_pipe

[Dan Carpenter]

Hello Tsuchiya Yuto,

This is a semi-automatic email about new static checker warnings.

The patch c10bcb13462e: "media: atomisp: add NULL check for asd 
obtained from atomisp_video_pipe" from Oct 18, 2021, leads to the 
following Smatch complaint:

drivers/staging/media/atomisp/pci/atomisp_ioctl.c:1188 __atomisp_reqbufs()
warn: variable dereferenced before check 'asd' (see line 1185)
drivers/staging/media/atomisp/pci/atomisp_cmd.c:5192 atomisp_set_fmt_to_isp()
warn: variable dereferenced before check 'asd' (see line 5188)

drivers/staging/media/atomisp/pci/atomisp_ioctl.c
  1175  int __atomisp_reqbufs(struct file *file, void *fh,
  1176                        struct v4l2_requestbuffers *req)
  1177  {
  1178          struct video_device *vdev = video_devdata(file);
  1179          struct atomisp_video_pipe *pipe = atomisp_to_video_pipe(vdev);
  1180          struct atomisp_sub_device *asd = pipe->asd;
  1181          struct ia_css_frame_info frame_info;
  1182          struct ia_css_frame *frame;
  1183          struct videobuf_vmalloc_memory *vm_mem;
  1184		u16 source_pad = atomisp_subdev_source_pad(vdev);
  1185		u16 stream_id = atomisp_source_pad_to_stream_id(asd, source_pad);
                                                                ^^^
There is an unchecked dereference inside this function.

  1186		int ret = 0, i = 0;
  1187	
  1188		if (!asd) {
                    ^^^^
This new check is too late.

  1189			dev_err(pipe->isp->dev, "%s(): asd is NULL, device is %s\n",
  1190				__func__, vdev->name);

atomisp_set_fmt_to_isp() has the same thing.

regards,
dan carpenter

Re: [bug report] media: atomisp: add NULL check for asd obtained from atomisp_video_pipe

[Tsuchiya Yuto]

On Mon, 2021-11-22 at 10:41 +0300, Dan Carpenter wrote:
> Hello Tsuchiya Yuto,
> 
> This is a semi-automatic email about new static checker warnings.
> 
> The patch c10bcb13462e: "media: atomisp: add NULL check for asd 
> obtained from atomisp_video_pipe" from Oct 18, 2021, leads to the 
> following Smatch complaint:
> 
> drivers/staging/media/atomisp/pci/atomisp_ioctl.c:1188 __atomisp_reqbufs()
> warn: variable dereferenced before check 'asd' (see line 1185)
> drivers/staging/media/atomisp/pci/atomisp_cmd.c:5192 atomisp_set_fmt_to_isp()
> warn: variable dereferenced before check 'asd' (see line 5188)
> 
> drivers/staging/media/atomisp/pci/atomisp_ioctl.c
>   1175  int __atomisp_reqbufs(struct file *file, void *fh,
>   1176                        struct v4l2_requestbuffers *req)
>   1177  {
>   1178          struct video_device *vdev = video_devdata(file);
>   1179          struct atomisp_video_pipe *pipe = atomisp_to_video_pipe(vdev);
>   1180          struct atomisp_sub_device *asd = pipe->asd;
>   1181          struct ia_css_frame_info frame_info;
>   1182          struct ia_css_frame *frame;
>   1183          struct videobuf_vmalloc_memory *vm_mem;
>   1184		u16 source_pad = atomisp_subdev_source_pad(vdev);
>   1185		u16 stream_id = atomisp_source_pad_to_stream_id(asd, source_pad);
>                                                                 ^^^
> There is an unchecked dereference inside this function.
> 
>   1186		int ret = 0, i = 0;
>   1187	
>   1188		if (!asd) {
>                     ^^^^
> This new check is too late.
> 
>   1189			dev_err(pipe->isp->dev, "%s(): asd is NULL, device is %s\n",
>   1190				__func__, vdev->name);
> 
> atomisp_set_fmt_to_isp() has the same thing.
> 
> regards,
> dan carpenter

Hello, thank you for pointing out this issue! For the record, patch sent
as:

	https://lore.kernel.org/linux-media/20211201141904.47231-1-kitakar@gmail.com/
	("media: atomisp: fix "variable dereferenced before check 'asd'"")

Regards,
Tsuchiya Yuto