In vpfe_register_ccdc_device(), failure to allocate dev->hw_ops
fields calls BUG_ON(). This patch returns the error to callers
instead of crashing. The issue was identified by a static
analysis tool, written by us.
Signed-off-by: Aditya Pakki <[email protected]>
---
v2: Fix alignment of checks within the condition, as suggested by
Hans Verkuil
v1: Fixed the type to a regular variable instead of a pointer,
also added fixes suggested by Ezequiel Garcia.
---
drivers/media/platform/davinci/vpfe_capture.c | 31 ++++++++++---------
1 file changed, 16 insertions(+), 15 deletions(-)
diff --git a/drivers/media/platform/davinci/vpfe_capture.c b/drivers/media/platform/davinci/vpfe_capture.c
index 916ed743d716..9b1d9643589b 100644
--- a/drivers/media/platform/davinci/vpfe_capture.c
+++ b/drivers/media/platform/davinci/vpfe_capture.c
@@ -168,21 +168,22 @@ int vpfe_register_ccdc_device(const struct ccdc_hw_device *dev)
int ret = 0;
printk(KERN_NOTICE "vpfe_register_ccdc_device: %s\n", dev->name);
- BUG_ON(!dev->hw_ops.open);
- BUG_ON(!dev->hw_ops.enable);
- BUG_ON(!dev->hw_ops.set_hw_if_params);
- BUG_ON(!dev->hw_ops.configure);
- BUG_ON(!dev->hw_ops.set_buftype);
- BUG_ON(!dev->hw_ops.get_buftype);
- BUG_ON(!dev->hw_ops.enum_pix);
- BUG_ON(!dev->hw_ops.set_frame_format);
- BUG_ON(!dev->hw_ops.get_frame_format);
- BUG_ON(!dev->hw_ops.get_pixel_format);
- BUG_ON(!dev->hw_ops.set_pixel_format);
- BUG_ON(!dev->hw_ops.set_image_window);
- BUG_ON(!dev->hw_ops.get_image_window);
- BUG_ON(!dev->hw_ops.get_line_length);
- BUG_ON(!dev->hw_ops.getfid);
+ if (!dev->hw_ops.open ||
+ !dev->hw_ops.enable ||
+ !dev->hw_ops.set_hw_if_params ||
+ !dev->hw_ops.configure ||
+ !dev->hw_ops.set_buftype ||
+ !dev->hw_ops.get_buftype ||
+ !dev->hw_ops.enum_pix ||
+ !dev->hw_ops.set_frame_format ||
+ !dev->hw_ops.get_frame_format ||
+ !dev->hw_ops.get_pixel_format ||
+ !dev->hw_ops.set_pixel_format ||
+ !dev->hw_ops.set_image_window ||
+ !dev->hw_ops.get_image_window ||
+ !dev->hw_ops.get_line_length ||
+ !dev->hw_ops.getfid)
+ return -EINVAL;
mutex_lock(&ccdc_lock);
if (!ccdc_cfg) {
--
2.20.1
On Mon, Jan 6, 2020 at 2:32 PM Aditya Pakki <[email protected]> wrote:
>
> In vpfe_register_ccdc_device(), failure to allocate dev->hw_ops
> fields calls BUG_ON(). This patch returns the error to callers
> instead of crashing. The issue was identified by a static
> analysis tool, written by us.
>
> Signed-off-by: Aditya Pakki <[email protected]>
Acked-by: Lad Prabhakar <[email protected]>
Cheers,
--Prabhakar Lad
> ---
> v2: Fix alignment of checks within the condition, as suggested by
> Hans Verkuil
>
> v1: Fixed the type to a regular variable instead of a pointer,
> also added fixes suggested by Ezequiel Garcia.
> ---
> drivers/media/platform/davinci/vpfe_capture.c | 31 ++++++++++---------
> 1 file changed, 16 insertions(+), 15 deletions(-)
>
> diff --git a/drivers/media/platform/davinci/vpfe_capture.c b/drivers/media/platform/davinci/vpfe_capture.c
> index 916ed743d716..9b1d9643589b 100644
> --- a/drivers/media/platform/davinci/vpfe_capture.c
> +++ b/drivers/media/platform/davinci/vpfe_capture.c
> @@ -168,21 +168,22 @@ int vpfe_register_ccdc_device(const struct ccdc_hw_device *dev)
> int ret = 0;
> printk(KERN_NOTICE "vpfe_register_ccdc_device: %s\n", dev->name);
>
> - BUG_ON(!dev->hw_ops.open);
> - BUG_ON(!dev->hw_ops.enable);
> - BUG_ON(!dev->hw_ops.set_hw_if_params);
> - BUG_ON(!dev->hw_ops.configure);
> - BUG_ON(!dev->hw_ops.set_buftype);
> - BUG_ON(!dev->hw_ops.get_buftype);
> - BUG_ON(!dev->hw_ops.enum_pix);
> - BUG_ON(!dev->hw_ops.set_frame_format);
> - BUG_ON(!dev->hw_ops.get_frame_format);
> - BUG_ON(!dev->hw_ops.get_pixel_format);
> - BUG_ON(!dev->hw_ops.set_pixel_format);
> - BUG_ON(!dev->hw_ops.set_image_window);
> - BUG_ON(!dev->hw_ops.get_image_window);
> - BUG_ON(!dev->hw_ops.get_line_length);
> - BUG_ON(!dev->hw_ops.getfid);
> + if (!dev->hw_ops.open ||
> + !dev->hw_ops.enable ||
> + !dev->hw_ops.set_hw_if_params ||
> + !dev->hw_ops.configure ||
> + !dev->hw_ops.set_buftype ||
> + !dev->hw_ops.get_buftype ||
> + !dev->hw_ops.enum_pix ||
> + !dev->hw_ops.set_frame_format ||
> + !dev->hw_ops.get_frame_format ||
> + !dev->hw_ops.get_pixel_format ||
> + !dev->hw_ops.set_pixel_format ||
> + !dev->hw_ops.set_image_window ||
> + !dev->hw_ops.get_image_window ||
> + !dev->hw_ops.get_line_length ||
> + !dev->hw_ops.getfid)
> + return -EINVAL;
>
> mutex_lock(&ccdc_lock);
> if (!ccdc_cfg) {
> --
> 2.20.1
>