2021-12-01 14:24:47

by Tsuchiya Yuto

[permalink] [raw]
Subject: [PATCH v1 1/1] media: atomisp: fix "variable dereferenced before check 'asd'"

There are two occurrences where the variable 'asd' is dereferenced
before check. Fix this issue by using the variable after the check.

Link: https://lore.kernel.org/linux-media/20211122074122.GA6581@kili/
Reported-by: Dan Carpenter <[email protected]>
Signed-off-by: Tsuchiya Yuto <[email protected]>

---

I didn't add the Fixes tag considering that the media_stage tree can
be rebased. Here is the commit of the media_stage tree pointed out in
the Link,

c10bcb13462e ("media: atomisp: add NULL check for asd obtained from atomisp_video_pipe")

Can be applied on the top of media_stage tree.
---
drivers/staging/media/atomisp/pci/atomisp_cmd.c | 3 ++-
drivers/staging/media/atomisp/pci/atomisp_ioctl.c | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/media/atomisp/pci/atomisp_cmd.c b/drivers/staging/media/atomisp/pci/atomisp_cmd.c
index 5a90cc31cd1a..97d5a528969b 100644
--- a/drivers/staging/media/atomisp/pci/atomisp_cmd.c
+++ b/drivers/staging/media/atomisp/pci/atomisp_cmd.c
@@ -5185,7 +5185,7 @@ static int atomisp_set_fmt_to_isp(struct video_device *vdev,
int (*configure_pp_input)(struct atomisp_sub_device *asd,
unsigned int width, unsigned int height) =
configure_pp_input_nop;
- u16 stream_index = atomisp_source_pad_to_stream_id(asd, source_pad);
+ u16 stream_index;
const struct atomisp_in_fmt_conv *fc;
int ret, i;

@@ -5194,6 +5194,7 @@ static int atomisp_set_fmt_to_isp(struct video_device *vdev,
__func__, vdev->name);
return -EINVAL;
}
+ stream_index = atomisp_source_pad_to_stream_id(asd, source_pad);

v4l2_fh_init(&fh.vfh, vdev);

diff --git a/drivers/staging/media/atomisp/pci/atomisp_ioctl.c b/drivers/staging/media/atomisp/pci/atomisp_ioctl.c
index 562789c75299..8fd470efd658 100644
--- a/drivers/staging/media/atomisp/pci/atomisp_ioctl.c
+++ b/drivers/staging/media/atomisp/pci/atomisp_ioctl.c
@@ -1182,7 +1182,7 @@ int __atomisp_reqbufs(struct file *file, void *fh,
struct ia_css_frame *frame;
struct videobuf_vmalloc_memory *vm_mem;
u16 source_pad = atomisp_subdev_source_pad(vdev);
- u16 stream_id = atomisp_source_pad_to_stream_id(asd, source_pad);
+ u16 stream_id;
int ret = 0, i = 0;

if (!asd) {
@@ -1190,6 +1190,7 @@ int __atomisp_reqbufs(struct file *file, void *fh,
__func__, vdev->name);
return -EINVAL;
}
+ stream_id = atomisp_source_pad_to_stream_id(asd, source_pad);

if (req->count == 0) {
mutex_lock(&pipe->capq.vb_lock);
--
2.34.1