2020-02-26 15:34:05

by Eugen Hristev

[permalink] [raw]
Subject: [PATCH v2] media: v4l2-core: fix entity initialization in device_register_subdev

The entity variable was being initialized in the wrong place, before the
parameters have been checked.
To solve this, completely removed the entity variable and replaced it
with the initialization value : &sd->entity.
This will avoid dereferencing 'sd' pointer before it's being checked if
it's NULL.

Fixes: 61f5db549dde ("[media] v4l: Make v4l2_subdev inherit from media_entity")
Signed-off-by: Eugen Hristev <[email protected]>
---
Changes in v2:
- replaced entity with &sd->entity completely as suggested

drivers/media/v4l2-core/v4l2-device.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/drivers/media/v4l2-core/v4l2-device.c b/drivers/media/v4l2-core/v4l2-device.c
index 63d6b147b21e..fa9c806a8ccd 100644
--- a/drivers/media/v4l2-core/v4l2-device.c
+++ b/drivers/media/v4l2-core/v4l2-device.c
@@ -111,9 +111,6 @@ EXPORT_SYMBOL_GPL(v4l2_device_unregister);
int v4l2_device_register_subdev(struct v4l2_device *v4l2_dev,
struct v4l2_subdev *sd)
{
-#if defined(CONFIG_MEDIA_CONTROLLER)
- struct media_entity *entity = &sd->entity;
-#endif
int err;

/* Check for valid input */
@@ -143,7 +140,7 @@ int v4l2_device_register_subdev(struct v4l2_device *v4l2_dev,
#if defined(CONFIG_MEDIA_CONTROLLER)
/* Register the entity. */
if (v4l2_dev->mdev) {
- err = media_device_register_entity(v4l2_dev->mdev, entity);
+ err = media_device_register_entity(v4l2_dev->mdev, &sd->entity);
if (err < 0)
goto error_module;
}
@@ -163,7 +160,7 @@ int v4l2_device_register_subdev(struct v4l2_device *v4l2_dev,

error_unregister:
#if defined(CONFIG_MEDIA_CONTROLLER)
- media_device_unregister_entity(entity);
+ media_device_unregister_entity(&sd->entity);
#endif
error_module:
if (!sd->owner_v4l2_dev)
--
2.20.1


2020-02-26 15:51:07

by Sakari Ailus

[permalink] [raw]
Subject: Re: [PATCH v2] media: v4l2-core: fix entity initialization in device_register_subdev

On Wed, Feb 26, 2020 at 05:28:16PM +0200, Eugen Hristev wrote:
> The entity variable was being initialized in the wrong place, before the
> parameters have been checked.
> To solve this, completely removed the entity variable and replaced it
> with the initialization value : &sd->entity.
> This will avoid dereferencing 'sd' pointer before it's being checked if
> it's NULL.
>
> Fixes: 61f5db549dde ("[media] v4l: Make v4l2_subdev inherit from media_entity")
> Signed-off-by: Eugen Hristev <[email protected]>

Thanks!

Acked-by: Sakari Ailus <[email protected]>

--
Sakari Ailus