linux-media.vger.kernel.org archive mirror
* [PATCH] media: imx214: don't de-reference a NULL pointer
@ 2018-12-07 11:43 Mauro Carvalho Chehab
  2018-12-12 17:54 ` Hans Verkuil
  0 siblings, 1 reply; 3+ messages in thread
From: Mauro Carvalho Chehab @ 2018-12-07 11:43 UTC (permalink / raw)
  Cc: Mauro Carvalho Chehab, Linux Media Mailing List,
	Mauro Carvalho Chehab, Ricardo Ribalda Delgado

As warned by smatch:
	drivers/media/i2c/imx214.c:591 imx214_set_format() warn: variable dereferenced before check 'format' (see line 589)

It turns out that the code at imx214_set_format() has support for being
called with the format being NULL. I've no idea why, as it is only
called internally with the pointer set, and via subdev API (which
should also set it).

Also, the entire logic there depends on having format != NULL, so
just remove the bogus broken support for a null format.

Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
---
 drivers/media/i2c/imx214.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/drivers/media/i2c/imx214.c b/drivers/media/i2c/imx214.c
index ec3d1b855f62..b046a26219a4 100644
--- a/drivers/media/i2c/imx214.c
+++ b/drivers/media/i2c/imx214.c
@@ -588,12 +588,10 @@ static int imx214_set_format(struct v4l2_subdev *sd,
 
 	__crop = __imx214_get_pad_crop(imx214, cfg, format->pad, format->which);
 
-	if (format)
-		mode = v4l2_find_nearest_size(imx214_modes,
-				ARRAY_SIZE(imx214_modes), width, height,
-				format->format.width, format->format.height);
-	else
-		mode = &imx214_modes[0];
+	mode = v4l2_find_nearest_size(imx214_modes,
+				      ARRAY_SIZE(imx214_modes), width, height,
+				      format->format.width,
+				      format->format.height);
 
 	__crop->width = mode->width;
 	__crop->height = mode->height;
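
Review bot: with the `if (format)` test removed, the `format->pad` / `format->which` dereference in the `__imx214_get_pad_crop()` context line is the only place the non-NULL assumption shows up, and the `mode = &imx214_modes[0]` fallback disappears without a replacement. Because the function is also reached through the subdev API, consider stating the contract where the next reader will see it, for example a one-line comment above imx214_set_format() saying that `format` is never NULL, so a later change does not reintroduce the check-after-use pattern smatch flagged.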
-- 
2.19.2



* Re: [PATCH] media: imx214: don't de-reference a NULL pointer
  2018-12-07 11:43 [PATCH] media: imx214: don't de-reference a NULL pointer Mauro Carvalho Chehab
@ 2018-12-12 17:54 ` Hans Verkuil
  2018-12-12 18:16   ` Ricardo Ribalda Delgado
  0 siblings, 1 reply; 3+ messages in thread
From: Hans Verkuil @ 2018-12-12 17:54 UTC (permalink / raw)
  To: Mauro Carvalho Chehab
  Cc: Linux Media Mailing List, Mauro Carvalho Chehab, Ricardo Ribalda Delgado

On 12/7/18 12:43 PM, Mauro Carvalho Chehab wrote:
> As warned by smatch:
> 	drivers/media/i2c/imx214.c:591 imx214_set_format() warn: variable dereferenced before check 'format' (see line 589)
> 
> It turns out that the code at imx214_set_format() has support for being
> called with the format being NULL. I've no idea why, as it is only
> called internally with the pointer set, and via subdev API (which
> should also set it).
> 
> Also, the entire logic there depends on having format != NULL, so
> just remove the bogus broken support for a null format.
> 
> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>

Reviewed-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>

Regards,

	Hans

> ---
>  drivers/media/i2c/imx214.c | 10 ++++------
>  1 file changed, 4 insertions(+), 6 deletions(-)
> 
> diff --git a/drivers/media/i2c/imx214.c b/drivers/media/i2c/imx214.c
> index ec3d1b855f62..b046a26219a4 100644
> --- a/drivers/media/i2c/imx214.c
> +++ b/drivers/media/i2c/imx214.c
> @@ -588,12 +588,10 @@ static int imx214_set_format(struct v4l2_subdev *sd,
>  
>  	__crop = __imx214_get_pad_crop(imx214, cfg, format->pad, format->which);
>  
> -	if (format)
> -		mode = v4l2_find_nearest_size(imx214_modes,
> -				ARRAY_SIZE(imx214_modes), width, height,
> -				format->format.width, format->format.height);
> -	else
> -		mode = &imx214_modes[0];
> +	mode = v4l2_find_nearest_size(imx214_modes,
> +				      ARRAY_SIZE(imx214_modes), width, height,
> +				      format->format.width,
> +				      format->format.height);
>  
>  	__crop->width = mode->width;
>  	__crop->height = mode->height;
> 
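
Review bot: the subject line says "don't de-reference a NULL pointer", but in this hunk the `format->pad` dereference in the `__imx214_get_pad_crop()` call is unchanged and only the `if (format)` test after it is dropped. A subject along the lines of "remove dead NULL check in imx214_set_format()" would match the diff, and the commit message could name the callers that were checked so the "should also set it" statement about the subdev API is backed by something a reader can verify.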



* Re: [PATCH] media: imx214: don't de-reference a NULL pointer
  2018-12-12 17:54 ` Hans Verkuil
@ 2018-12-12 18:16   ` Ricardo Ribalda Delgado
  0 siblings, 0 replies; 3+ messages in thread
From: Ricardo Ribalda Delgado @ 2018-12-12 18:16 UTC (permalink / raw)
  To: hverkuil-cisco; +Cc: Mauro Carvalho Chehab, linux-media, Mauro Carvalho Chehab

Hi Mauro, Hi Hans

Thanks for taking a look at this.
On Wed, Dec 12, 2018 at 6:55 PM Hans Verkuil <hverkuil-cisco@xs4all.nl> wrote:
>
> On 12/7/18 12:43 PM, Mauro Carvalho Chehab wrote:
> > As warned by smatch:
> >       drivers/media/i2c/imx214.c:591 imx214_set_format() warn: variable dereferenced before check 'format' (see line 589)
> >
> > It turns out that the code at imx214_set_format() has support for being
> > called with the format being NULL. I've no idea why, as it is only
> > called internally with the pointer set, and via subdev API (which
> > should also set it).
> >
> > Also, the entire logic there depends on having format != NULL, so
> > just remove the bogus broken support for a null format.

I believe it is a relic for when I did not use imx214_entity_init_cfg.
Sorry about that.

> >
> > Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
>
> Reviewed-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
>
Reviewed-by: Ricardo Ribalda Delgado <ricardo@ribalda.com>

Best Regards
> Regards,
>
>         Hans
>
> > ---
> >  drivers/media/i2c/imx214.c | 10 ++++------
> >  1 file changed, 4 insertions(+), 6 deletions(-)
> >
> > diff --git a/drivers/media/i2c/imx214.c b/drivers/media/i2c/imx214.c
> > index ec3d1b855f62..b046a26219a4 100644
> > --- a/drivers/media/i2c/imx214.c
> > +++ b/drivers/media/i2c/imx214.c
> > @@ -588,12 +588,10 @@ static int imx214_set_format(struct v4l2_subdev *sd,
> >
> >       __crop = __imx214_get_pad_crop(imx214, cfg, format->pad, format->which);
> >
> > -     if (format)
> > -             mode = v4l2_find_nearest_size(imx214_modes,
> > -                             ARRAY_SIZE(imx214_modes), width, height,
> > -                             format->format.width, format->format.height);
> > -     else
> > -             mode = &imx214_modes[0];
> > +     mode = v4l2_find_nearest_size(imx214_modes,
> > +                                   ARRAY_SIZE(imx214_modes), width, height,
> > +                                   format->format.width,
> > +                                   format->format.height);
> >
> >       __crop->width = mode->width;
> >       __crop->height = mode->height;
> >
>


-- 
Ricardo Ribalda
