* [bug report] media: mediatek: vcodec: add h264 decoder driver for mt8186
From: Dan Carpenter @ 2024-01-31 7:11 UTC (permalink / raw)
To: yunfei.dong; +Cc: linux-media

Hello Yunfei Dong,

The patch 397edc703a10: "media: mediatek: vcodec: add h264 decoder
driver for mt8186" from May 12, 2022 (linux-next), leads to the
following (in development) Smatch static checker warning:

drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_if.c:351 vdec_h264_slice_decode() potential NULL container_of 'fb'
drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_vp8_req_if.c:337 vdec_vp8_slice_decode() potential NULL container_of 'fb'
drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_multi_if.c:728 vdec_h264_slice_single_decode() potential NULL container_of 'fb'

drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_multi_if.c
    709 static int vdec_h264_slice_single_decode(void *h_vdec, struct mtk_vcodec_mem *bs,
    710                                          struct vdec_fb *unused, bool *res_chg)
    711 {
    712         struct vdec_h264_slice_inst *inst = h_vdec;
    713         struct vdec_vpu_inst *vpu = &inst->vpu;
    714         struct mtk_video_dec_buf *src_buf_info, *dst_buf_info;
    715         struct vdec_fb *fb;
    716         unsigned char *buf;
    717         unsigned int data[2], i;
    718         u64 y_fb_dma, c_fb_dma;
    719         struct mtk_vcodec_mem *mem;
    720         int err, nal_start_idx;
    721
    722         /* bs NULL means flush decoder */
    723         if (!bs)
    724                 return vpu_dec_reset(vpu);
    725
    726         fb = inst->ctx->dev->vdec_pdata->get_cap_buffer(inst->ctx);

Smatch says that "fb" can be NULL.

    727         src_buf_info = container_of(bs, struct mtk_video_dec_buf, bs_buffer);
--> 728         dst_buf_info = container_of(fb, struct mtk_video_dec_buf, frame_buffer);
                               ^^^^^^^^^^^^
If "fb" is NULL then dst_buf_info will point to bogus memory.

    729
    730         y_fb_dma = fb ? (u64)fb->base_y.dma_addr : 0;
    731         c_fb_dma = fb ? (u64)fb->base_c.dma_addr : 0;
                           ^^
These lines assume "fb" can be NULL.

    732         mtk_vdec_debug(inst->ctx, "[h264-dec] [%d] y_dma=%llx c_dma=%llx",
    733                        inst->ctx->decoded_frame_cnt, y_fb_dma, c_fb_dma);
    734
    735         inst->vsi_ctx.dec.bs_buf_addr = (u64)bs->dma_addr;
    736         inst->vsi_ctx.dec.bs_buf_size = bs->size;
    737         inst->vsi_ctx.dec.y_fb_dma = y_fb_dma;
    738         inst->vsi_ctx.dec.c_fb_dma = c_fb_dma;
    739         inst->vsi_ctx.dec.vdec_fb_va = (u64)(uintptr_t)fb;
    740
    741         v4l2_m2m_buf_copy_metadata(&src_buf_info->m2m_buf.vb,
    742                                    &dst_buf_info->m2m_buf.vb, true);
                                           ^^^^^^^^^^^^^^^^^^^^^^^^^
If "fb" is NULL, this will crash. The other warnings are the same where
the checking for NULL "fb" isn't done consistently.

    743         err = get_vdec_sig_decode_parameters(inst);
    744         if (err)

regards,
dan carpenter
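
Added example, not part of the original message or the driver's code: a userspace C sketch of why the NULL test has to be on "fb" before container_of(), since the converted pointer is not NULL and a later test on it would pass. The struct layouts and the helpers dst_from_fb_unchecked(), dst_buf_from_fb() and copy_metadata() are constructed stand-ins, and the sketch assumes frame_buffer sits at a non-zero offset in its container.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace stand-in for the kernel macro. Integer arithmetic keeps the
 * NULL case well defined here so the resulting address can be inspected. */
#define container_of(ptr, type, member) \
	((type *)((uintptr_t)(ptr) - offsetof(type, member)))

/* Constructed stand-ins: NOT the driver's real struct layouts. */
struct vdec_fb { uint64_t base_y_dma, base_c_dma; };
struct m2m_buf { int flags; };
struct video_dec_buf {
	struct m2m_buf m2m_buf;       /* assumed: frame_buffer offset != 0 */
	struct vdec_fb frame_buffer;
};

/* Shape of line 728: convert without looking at fb. */
static struct video_dec_buf *dst_from_fb_unchecked(struct vdec_fb *fb)
{
	return container_of(fb, struct video_dec_buf, frame_buffer);
}

/* Consistent shape: test fb itself, then convert. */
static struct video_dec_buf *dst_buf_from_fb(struct vdec_fb *fb)
{
	return fb ? container_of(fb, struct video_dec_buf, frame_buffer) : NULL;
}

/* Hypothetical metadata copy that refuses to run without a capture buffer. */
static int copy_metadata(const struct m2m_buf *src, struct vdec_fb *fb)
{
	struct video_dec_buf *dst = dst_buf_from_fb(fb);

	if (!dst)
		return -1;
	dst->m2m_buf.flags = src->flags;
	return 0;
}

int main(void)
{
	struct m2m_buf src = { 5 };

	/* Not NULL: the address is 0 minus offsetof(frame_buffer). */
	printf("unchecked dst for NULL fb: %p\n", (void *)dst_from_fb_unchecked(NULL));
	printf("checked copy with NULL fb: %d\n", copy_metadata(&src, NULL));
	return 0;
}
```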