From: Luca Ceresoli <luca@lucaceresoli.net>
To: linux-media@vger.kernel.org
Cc: Sakari Ailus <sakari.ailus@iki.fi>,
Luca Ceresoli <luca@lucaceresoli.net>,
Leon Luo <leonl@leopardimaging.com>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
linux-kernel@vger.kernel.org,
Sakari Ailus <sakari.ailus@linux.intel.com>
Subject: [PATCH v3 1/7] media: imx274: initialize format before v4l2 controls
Date: Wed, 23 May 2018 12:05:14 +0200 [thread overview]
Message-ID: <1527069921-21084-2-git-send-email-luca@lucaceresoli.net> (raw)
In-Reply-To: <1527069921-21084-1-git-send-email-luca@lucaceresoli.net>
The current probe function calls v4l2_ctrl_handler_setup() before
initializing the format info. This triggers call paths such as:
imx274_probe -> v4l2_ctrl_handler_setup -> imx274_s_ctrl ->
imx274_set_exposure, where priv->mode_index is accessed before being
assigned.
This is wrong but does not trigger a visible bug because priv is
zero-initialized and 0 is the default value for priv->mode_index. But
this would become a crash in follow-up commits when mode_index is
replaced by a pointer that must always be valid.
Fix the bug before it shows up by initializing struct members early.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Sakari Ailus <sakari.ailus@linux.intel.com>
---
Changed v2 -> v3: nothing
Changed v1 -> v2:
- add "media: " prefix to commit message
---
drivers/media/i2c/imx274.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/drivers/media/i2c/imx274.c b/drivers/media/i2c/imx274.c
index 63fb94e7da37..8a8a11b8d75d 100644
--- a/drivers/media/i2c/imx274.c
+++ b/drivers/media/i2c/imx274.c
@@ -1632,6 +1632,16 @@ static int imx274_probe(struct i2c_client *client,
mutex_init(&imx274->lock);
+ /* initialize format */
+ imx274->mode_index = IMX274_MODE_3840X2160;
+ imx274->format.width = imx274_formats[0].size.width;
+ imx274->format.height = imx274_formats[0].size.height;
+ imx274->format.field = V4L2_FIELD_NONE;
+ imx274->format.code = MEDIA_BUS_FMT_SRGGB10_1X10;
+ imx274->format.colorspace = V4L2_COLORSPACE_SRGB;
+ imx274->frame_interval.numerator = 1;
+ imx274->frame_interval.denominator = IMX274_DEF_FRAME_RATE;
+
/* initialize regmap */
imx274->regmap = devm_regmap_init_i2c(client, &imx274_regmap_config);
if (IS_ERR(imx274->regmap)) {
@@ -1720,16 +1730,6 @@ static int imx274_probe(struct i2c_client *client,
goto err_ctrls;
}
- /* initialize format */
- imx274->mode_index = IMX274_MODE_3840X2160;
- imx274->format.width = imx274_formats[0].size.width;
- imx274->format.height = imx274_formats[0].size.height;
- imx274->format.field = V4L2_FIELD_NONE;
- imx274->format.code = MEDIA_BUS_FMT_SRGGB10_1X10;
- imx274->format.colorspace = V4L2_COLORSPACE_SRGB;
- imx274->frame_interval.numerator = 1;
- imx274->frame_interval.denominator = IMX274_DEF_FRAME_RATE;
-
/* load default control values */
ret = imx274_load_default(imx274);
if (ret) {
--
2.7.4
next prev parent reply other threads:[~2018-05-23 10:05 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-23 10:05 [PATCH v3 0/7] media: imx274: cleanups, improvements and SELECTION API support Luca Ceresoli
2018-05-23 10:05 ` Luca Ceresoli [this message]
2018-05-23 10:05 ` [PATCH v3 2/7] media: imx274: consolidate per-mode data in imx274_frmfmt Luca Ceresoli
2018-05-23 10:05 ` [PATCH v3 3/7] media: imx274: get rid of mode_index Luca Ceresoli
2018-05-23 10:05 ` [PATCH v3 4/7] media: imx274: actually use IMX274_DEFAULT_MODE Luca Ceresoli
2018-05-23 10:05 ` [PATCH v3 5/7] media: imx274: simplify imx274_write_table() Luca Ceresoli
2018-05-23 10:05 ` [PATCH v3 6/7] media: imx274: add helper function to fill a reg_8 table chunk Luca Ceresoli
2018-05-23 10:05 ` [PATCH v3 7/7] media: imx274: add SELECTION support for cropping Luca Ceresoli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1527069921-21084-2-git-send-email-luca@lucaceresoli.net \
--to=luca@lucaceresoli.net \
--cc=leonl@leopardimaging.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=mchehab@kernel.org \
--cc=sakari.ailus@iki.fi \
--cc=sakari.ailus@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.