The variable 'asd', which may be NULL, is dereferenced before
check. The problem has been fixed by the following patch
which can be cleanly applied to the 5.10 branch.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
From: Tsuchiya Yuto <[email protected]>
commit ac56760a8bbb4e654b2fd54e5de79dd5d72f937d upstream.
There are two occurrences where the variable 'asd' is dereferenced
before check. Fix this issue by using the variable after the check.
Link: https://lore.kernel.org/linux-media/20211122074122.GA6581@kili/
Link: https://lore.kernel.org/linux-media/[email protected]
Reported-by: Dan Carpenter <[email protected]>
Signed-off-by: Tsuchiya Yuto <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
Signed-off-by: Anastasia Belova <[email protected]>
---
drivers/staging/media/atomisp/pci/atomisp_cmd.c | 3 ++-
drivers/staging/media/atomisp/pci/atomisp_ioctl.c | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/media/atomisp/pci/atomisp_cmd.c b/drivers/staging/media/atomisp/pci/atomisp_cmd.c
index 20c19e08968e..613bd9620224 100644
--- a/drivers/staging/media/atomisp/pci/atomisp_cmd.c
+++ b/drivers/staging/media/atomisp/pci/atomisp_cmd.c
@@ -5243,7 +5243,7 @@ static int atomisp_set_fmt_to_isp(struct video_device *vdev,
int (*configure_pp_input)(struct atomisp_sub_device *asd,
unsigned int width, unsigned int height) =
configure_pp_input_nop;
- u16 stream_index = atomisp_source_pad_to_stream_id(asd, source_pad);
+ u16 stream_index;
const struct atomisp_in_fmt_conv *fc;
int ret, i;
@@ -5252,6 +5252,7 @@ static int atomisp_set_fmt_to_isp(struct video_device *vdev,
__func__, vdev->name);
return -EINVAL;
}
+ stream_index = atomisp_source_pad_to_stream_id(asd, source_pad);
v4l2_fh_init(&fh.vfh, vdev);
diff --git a/drivers/staging/media/atomisp/pci/atomisp_ioctl.c b/drivers/staging/media/atomisp/pci/atomisp_ioctl.c
index 8a0648fd7c81..4615e4cae718 100644
--- a/drivers/staging/media/atomisp/pci/atomisp_ioctl.c
+++ b/drivers/staging/media/atomisp/pci/atomisp_ioctl.c
@@ -1123,7 +1123,7 @@ int __atomisp_reqbufs(struct file *file, void *fh,
struct ia_css_frame *frame;
struct videobuf_vmalloc_memory *vm_mem;
u16 source_pad = atomisp_subdev_source_pad(vdev);
- u16 stream_id = atomisp_source_pad_to_stream_id(asd, source_pad);
+ u16 stream_id;
int ret = 0, i = 0;
if (!asd) {
@@ -1131,6 +1131,7 @@ int __atomisp_reqbufs(struct file *file, void *fh,
__func__, vdev->name);
return -EINVAL;
}
+ stream_id = atomisp_source_pad_to_stream_id(asd, source_pad);
if (req->count == 0) {
mutex_lock(&pipe->capq.vb_lock);
--
2.39.0
On Tue, Jun 27, 2023 at 01:23:34PM +0300, Anastasia Belova wrote:
> From: Tsuchiya Yuto <[email protected]>
>
> commit ac56760a8bbb4e654b2fd54e5de79dd5d72f937d upstream.
>
> There are two occurrences where the variable 'asd' is dereferenced
> before check. Fix this issue by using the variable after the check.
>
> Link: https://lore.kernel.org/linux-media/20211122074122.GA6581@kili/
>
> Link: https://lore.kernel.org/linux-media/[email protected]
> Reported-by: Dan Carpenter <[email protected]>
> Signed-off-by: Tsuchiya Yuto <[email protected]>
> Signed-off-by: Mauro Carvalho Chehab <[email protected]>
> Signed-off-by: Anastasia Belova <[email protected]>
> ---
> drivers/staging/media/atomisp/pci/atomisp_cmd.c | 3 ++-
> drivers/staging/media/atomisp/pci/atomisp_ioctl.c | 3 ++-
> 2 files changed, 4 insertions(+), 2 deletions(-)
Now queued up, thanks.
greg k-h