allegro_open() misses a check for v4l2_m2m_ctx_init().
Add a check and error handling code to fix it.
Fixes: f20387dfd065 ("media: allegro: add Allegro DVT video IP core driver")
Signed-off-by: Chuhong Yuan <[email protected]>
---
drivers/staging/media/allegro-dvt/allegro-core.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/staging/media/allegro-dvt/allegro-core.c b/drivers/staging/media/allegro-dvt/allegro-core.c
index 6f0cd0784786..5f1d454b41bb 100644
--- a/drivers/staging/media/allegro-dvt/allegro-core.c
+++ b/drivers/staging/media/allegro-dvt/allegro-core.c
@@ -2341,6 +2341,13 @@ static int allegro_open(struct file *file)
channel->fh.m2m_ctx = v4l2_m2m_ctx_init(dev->m2m_dev, channel,
allegro_queue_init);
+ if (IS_ERR(channel->fh.m2m_ctx)) {
+ v4l2_fh_del(&channel->fh);
+ v4l2_fh_exit(&channel->fh);
+ kfree(channel);
+ return PTR_ERR(channel->fh.m2m_ctx);
+ }
+
return 0;
}
--
2.24.0
On Mon, 09 Dec 2019 16:58:07 +0800, Chuhong Yuan wrote:
> allegro_open() misses a check for v4l2_m2m_ctx_init().
> Add a check and error handling code to fix it.
>
> Fixes: f20387dfd065 ("media: allegro: add Allegro DVT video IP core driver")
> Signed-off-by: Chuhong Yuan <[email protected]>
Reviewed-by: Michael Tretter <[email protected]>
> ---
> drivers/staging/media/allegro-dvt/allegro-core.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/drivers/staging/media/allegro-dvt/allegro-core.c b/drivers/staging/media/allegro-dvt/allegro-core.c
> index 6f0cd0784786..5f1d454b41bb 100644
> --- a/drivers/staging/media/allegro-dvt/allegro-core.c
> +++ b/drivers/staging/media/allegro-dvt/allegro-core.c
> @@ -2341,6 +2341,13 @@ static int allegro_open(struct file *file)
> channel->fh.m2m_ctx = v4l2_m2m_ctx_init(dev->m2m_dev, channel,
> allegro_queue_init);
>
> + if (IS_ERR(channel->fh.m2m_ctx)) {
> + v4l2_fh_del(&channel->fh);
> + v4l2_fh_exit(&channel->fh);
> + kfree(channel);
> + return PTR_ERR(channel->fh.m2m_ctx);
> + }
> +
> return 0;
> }
>
On Mon, Dec 09, 2019 at 04:58:07PM +0800, Chuhong Yuan wrote:
> diff --git a/drivers/staging/media/allegro-dvt/allegro-core.c b/drivers/staging/media/allegro-dvt/allegro-core.c
> index 6f0cd0784786..5f1d454b41bb 100644
> --- a/drivers/staging/media/allegro-dvt/allegro-core.c
> +++ b/drivers/staging/media/allegro-dvt/allegro-core.c
> @@ -2341,6 +2341,13 @@ static int allegro_open(struct file *file)
> channel->fh.m2m_ctx = v4l2_m2m_ctx_init(dev->m2m_dev, channel,
> allegro_queue_init);
>
> + if (IS_ERR(channel->fh.m2m_ctx)) {
> + v4l2_fh_del(&channel->fh);
> + v4l2_fh_exit(&channel->fh);
> + kfree(channel);
^^^^^^^
Free
> + return PTR_ERR(channel->fh.m2m_ctx);
^^^^^^^^^^^^^^^^^^^
Dereferencing freed memory.
regards,
dan carpenter
> + }
> +