* [PATCH v2, 0/2] fix coverity issues in encoder driver
@ 2023-04-11 5:54 Irui Wang
2023-04-11 5:54 ` [PATCH v2, 1/2] media: mediatek: vcodec: make sure array index is in valid range Irui Wang
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: Irui Wang @ 2023-04-11 5:54 UTC (permalink / raw)
To: Hans Verkuil, Mauro Carvalho Chehab, Matthias Brugger
Cc: Project_Global_Chrome_Upstream_Group, linux-media, linux-kernel,
linux-arm-kernel, linux-mediatek, maoguang.meng, Yunfei Dong,
Irui Wang
two coverity issues in encoder driver, submit two changes for fix them.
changes compared with v1:
- separate into two changes.
---
Irui Wang (2):
media: mediatek: vcodec: make sure array index is in valid range
media: mediatek: vcodec: make sure pointer isn't NULL before used
.../platform/mediatek/vcodec/mtk_vcodec_enc.c | 2 +-
.../mediatek/vcodec/mtk_vcodec_enc_drv.c | 16 ++++++++++++----
2 files changed, 13 insertions(+), 5 deletions(-)
--
2.18.0
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH v2, 1/2] media: mediatek: vcodec: make sure array index is in valid range
2023-04-11 5:54 [PATCH v2, 0/2] fix coverity issues in encoder driver Irui Wang
@ 2023-04-11 5:54 ` Irui Wang
2023-04-11 8:22 ` Alexandre Mergnat
2023-04-11 5:54 ` [PATCH v2, 2/2] media: mediatek: vcodec: make sure pointer isn't NULL before used Irui Wang
2023-04-11 6:25 ` [PATCH v2, 0/2] fix coverity issues in encoder driver Yunfei Dong (董云飞)
2 siblings, 1 reply; 7+ messages in thread
From: Irui Wang @ 2023-04-11 5:54 UTC (permalink / raw)
To: Hans Verkuil, Mauro Carvalho Chehab, Matthias Brugger
Cc: Project_Global_Chrome_Upstream_Group, linux-media, linux-kernel,
linux-arm-kernel, linux-mediatek, maoguang.meng, Yunfei Dong,
Irui Wang
CERT-C Characters and Strings:
dev->reg_base[dev->venc_pdata->core_id] evaluates to an address
that could be at negative offset of an array, check core id is
in valid range.
Signed-off-by: Irui Wang <irui.wang@mediatek.com>
---
.../mediatek/vcodec/mtk_vcodec_enc_drv.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc_drv.c b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc_drv.c
index 9095186d5495..125d5722d07b 100644
--- a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc_drv.c
+++ b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc_drv.c
@@ -89,16 +89,24 @@ static irqreturn_t mtk_vcodec_enc_irq_handler(int irq, void *priv)
struct mtk_vcodec_ctx *ctx;
unsigned long flags;
void __iomem *addr;
+ int core_id;
spin_lock_irqsave(&dev->irqlock, flags);
ctx = dev->curr_ctx;
spin_unlock_irqrestore(&dev->irqlock, flags);
- mtk_v4l2_debug(1, "id=%d coreid:%d", ctx->id, dev->venc_pdata->core_id);
- addr = dev->reg_base[dev->venc_pdata->core_id] +
- MTK_VENC_IRQ_ACK_OFFSET;
+ core_id = dev->venc_pdata->core_id;
+ if (core_id < 0 || core_id >= NUM_MAX_VCODEC_REG_BASE) {
+ mtk_v4l2_err("Invalid core id: %d, ctx id: %d",
+ core_id, ctx->id);
+ return IRQ_HANDLED;
+ }
+
+ mtk_v4l2_debug(1, "id: %d, core id: %d", ctx->id, core_id);
+
+ addr = dev->reg_base[core_id] + MTK_VENC_IRQ_ACK_OFFSET;
- ctx->irq_status = readl(dev->reg_base[dev->venc_pdata->core_id] +
+ ctx->irq_status = readl(dev->reg_base[core_id] +
(MTK_VENC_IRQ_STATUS_OFFSET));
clean_irq_status(ctx->irq_status, addr);
--
2.18.0
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH v2, 2/2] media: mediatek: vcodec: make sure pointer isn't NULL before used
2023-04-11 5:54 [PATCH v2, 0/2] fix coverity issues in encoder driver Irui Wang
2023-04-11 5:54 ` [PATCH v2, 1/2] media: mediatek: vcodec: make sure array index is in valid range Irui Wang
@ 2023-04-11 5:54 ` Irui Wang
2023-04-11 7:22 ` Yunfei Dong (董云飞)
2023-04-11 6:25 ` [PATCH v2, 0/2] fix coverity issues in encoder driver Yunfei Dong (董云飞)
2 siblings, 1 reply; 7+ messages in thread
From: Irui Wang @ 2023-04-11 5:54 UTC (permalink / raw)
To: Hans Verkuil, Mauro Carvalho Chehab, Matthias Brugger
Cc: Project_Global_Chrome_Upstream_Group, linux-media, linux-kernel,
linux-arm-kernel, linux-mediatek, maoguang.meng, Yunfei Dong,
Irui Wang
CERT-C Expression check:
Dereferencing buf, which is known to be NULL, check buf is not NULL
before used.
Signed-off-by: Irui Wang <irui.wang@mediatek.com>
---
drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c
index d65800a3b89d..db65e77bd373 100644
--- a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c
+++ b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c
@@ -943,7 +943,7 @@ static int vb2ops_venc_start_streaming(struct vb2_queue *q, unsigned int count)
* FIXME: This check is not needed as only active buffers
* can be marked as done.
*/
- if (buf->state == VB2_BUF_STATE_ACTIVE) {
+ if (buf && buf->state == VB2_BUF_STATE_ACTIVE) {
mtk_v4l2_debug(0, "[%d] id=%d, type=%d, %d -> VB2_BUF_STATE_QUEUED",
ctx->id, i, q->type,
(int)buf->state);
--
2.18.0
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH v2, 0/2] fix coverity issues in encoder driver
2023-04-11 5:54 [PATCH v2, 0/2] fix coverity issues in encoder driver Irui Wang
2023-04-11 5:54 ` [PATCH v2, 1/2] media: mediatek: vcodec: make sure array index is in valid range Irui Wang
2023-04-11 5:54 ` [PATCH v2, 2/2] media: mediatek: vcodec: make sure pointer isn't NULL before used Irui Wang
@ 2023-04-11 6:25 ` Yunfei Dong (董云飞)
2 siblings, 0 replies; 7+ messages in thread
From: Yunfei Dong (董云飞) @ 2023-04-11 6:25 UTC (permalink / raw)
To: matthias.bgg, mchehab, Irui Wang (王瑞), hverkuil-cisco
Cc: linux-arm-kernel, linux-kernel, linux-media, linux-mediatek,
Maoguang Meng (孟毛广),
Project_Global_Chrome_Upstream_Group
Hi Irui,
On Tue, 2023-04-11 at 13:54 +0800, Irui Wang wrote:
> two coverity issues in encoder driver, submit two changes for fix
> them.
>
Maybe better:
Submit two changes to fix two kind of coverity issues in encoder
driver.
Best Regards,
Yunfei Dong
> changes compared with v1:
> - separate into two changes.
> ---
>
> Irui Wang (2):
> media: mediatek: vcodec: make sure array index is in valid range
> media: mediatek: vcodec: make sure pointer isn't NULL before used
>
> .../platform/mediatek/vcodec/mtk_vcodec_enc.c | 2 +-
> .../mediatek/vcodec/mtk_vcodec_enc_drv.c | 16 ++++++++++++
> ----
> 2 files changed, 13 insertions(+), 5 deletions(-)
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2, 2/2] media: mediatek: vcodec: make sure pointer isn't NULL before used
2023-04-11 5:54 ` [PATCH v2, 2/2] media: mediatek: vcodec: make sure pointer isn't NULL before used Irui Wang
@ 2023-04-11 7:22 ` Yunfei Dong (董云飞)
2023-04-11 7:38 ` Irui Wang (王瑞)
0 siblings, 1 reply; 7+ messages in thread
From: Yunfei Dong (董云飞) @ 2023-04-11 7:22 UTC (permalink / raw)
To: matthias.bgg, mchehab, Irui Wang (王瑞), hverkuil-cisco
Cc: linux-arm-kernel, linux-kernel, linux-media, linux-mediatek,
Maoguang Meng (孟毛广),
Project_Global_Chrome_Upstream_Group
Hi Irui,
On Tue, 2023-04-11 at 13:54 +0800, Irui Wang wrote:
> CERT-C Expression check:
> Dereferencing buf, which is known to be NULL, check buf is not NULL
> before used.
>
Whether 'dereferencing buf' is one kind of CERT-C Expression check?
You can re-write commit message and subject.
CERT-C Expression check (Dereferencing buf):
Making sure the pointer is not NULL before to be used.
Best Regards,
Yunfei Dong
> Signed-off-by: Irui Wang <irui.wang@mediatek.com>
> ---
> drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c
> b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c
> index d65800a3b89d..db65e77bd373 100644
> --- a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c
> +++ b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c
> @@ -943,7 +943,7 @@ static int vb2ops_venc_start_streaming(struct
> vb2_queue *q, unsigned int count)
> * FIXME: This check is not needed as only active
> buffers
> * can be marked as done.
> */
> - if (buf->state == VB2_BUF_STATE_ACTIVE) {
> + if (buf && buf->state == VB2_BUF_STATE_ACTIVE) {
> mtk_v4l2_debug(0, "[%d] id=%d, type=%d, %d ->
> VB2_BUF_STATE_QUEUED",
> ctx->id, i, q->type,
> (int)buf->state);
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2, 2/2] media: mediatek: vcodec: make sure pointer isn't NULL before used
2023-04-11 7:22 ` Yunfei Dong (董云飞)
@ 2023-04-11 7:38 ` Irui Wang (王瑞)
0 siblings, 0 replies; 7+ messages in thread
From: Irui Wang (王瑞) @ 2023-04-11 7:38 UTC (permalink / raw)
To: matthias.bgg, mchehab, Yunfei Dong (董云飞),
hverkuil-cisco
Cc: linux-arm-kernel, linux-kernel, linux-media, linux-mediatek,
Maoguang Meng (孟毛广),
Project_Global_Chrome_Upstream_Group
Dear Yunfei,
Thanks for your reviewing.
On Tue, 2023-04-11 at 07:22 +0000, Yunfei Dong (董云飞) wrote:
> Hi Irui,
>
> On Tue, 2023-04-11 at 13:54 +0800, Irui Wang wrote:
> > CERT-C Expression check:
> > Dereferencing buf, which is known to be NULL, check buf is not NULL
> > before used.
> >
>
> Whether 'dereferencing buf' is one kind of CERT-C Expression check?
> You can re-write commit message and subject.
>
> CERT-C Expression check (Dereferencing buf):
no, 'buf' is the used variable name, this coverity is 'Dereference null
return value(NULL RETURNS)' .
> Making sure the pointer is not NULL before to be used.
>
> Best Regards,
> Yunfei Dong
Thanks
Best Regards
> > Signed-off-by: Irui Wang <irui.wang@mediatek.com>
> > ---
> > drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git
> > a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c
> > b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c
> > index d65800a3b89d..db65e77bd373 100644
> > --- a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c
> > +++ b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c
> > @@ -943,7 +943,7 @@ static int vb2ops_venc_start_streaming(struct
> > vb2_queue *q, unsigned int count)
> > * FIXME: This check is not needed as only active
> > buffers
> > * can be marked as done.
> > */
> > - if (buf->state == VB2_BUF_STATE_ACTIVE) {
> > + if (buf && buf->state == VB2_BUF_STATE_ACTIVE) {
> > mtk_v4l2_debug(0, "[%d] id=%d, type=%d, %d ->
> > VB2_BUF_STATE_QUEUED",
> > ctx->id, i, q->type,
> > (int)buf->state);
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2, 1/2] media: mediatek: vcodec: make sure array index is in valid range
2023-04-11 5:54 ` [PATCH v2, 1/2] media: mediatek: vcodec: make sure array index is in valid range Irui Wang
@ 2023-04-11 8:22 ` Alexandre Mergnat
0 siblings, 0 replies; 7+ messages in thread
From: Alexandre Mergnat @ 2023-04-11 8:22 UTC (permalink / raw)
To: Irui Wang, Hans Verkuil, Mauro Carvalho Chehab, Matthias Brugger
Cc: Project_Global_Chrome_Upstream_Group, linux-media, linux-kernel,
linux-arm-kernel, linux-mediatek, maoguang.meng, Yunfei Dong
On 11/04/2023 07:54, Irui Wang wrote:
> CERT-C Characters and Strings:
> dev->reg_base[dev->venc_pdata->core_id] evaluates to an address
> that could be at negative offset of an array, check core id is
> in valid range.
Reviewed-by: Alexandre Mergnat <amergnat@baylibre.com>
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2023-04-11 8:24 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-04-11 5:54 [PATCH v2, 0/2] fix coverity issues in encoder driver Irui Wang
2023-04-11 5:54 ` [PATCH v2, 1/2] media: mediatek: vcodec: make sure array index is in valid range Irui Wang
2023-04-11 8:22 ` Alexandre Mergnat
2023-04-11 5:54 ` [PATCH v2, 2/2] media: mediatek: vcodec: make sure pointer isn't NULL before used Irui Wang
2023-04-11 7:22 ` Yunfei Dong (董云飞)
2023-04-11 7:38 ` Irui Wang (王瑞)
2023-04-11 6:25 ` [PATCH v2, 0/2] fix coverity issues in encoder driver Yunfei Dong (董云飞)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).