Avoid an underflow while calculating the number of inputs for entities
with zero pads.
Signed-off-by: Ricardo Ribalda <[email protected]>
---
drivers/media/usb/uvc/uvc_driver.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c
index 9f4451a2e0a6..534629ecd60d 100644
--- a/drivers/media/usb/uvc/uvc_driver.c
+++ b/drivers/media/usb/uvc/uvc_driver.c
@@ -1033,7 +1033,11 @@ static struct uvc_entity *uvc_alloc_entity(u16 type, u16 id,
unsigned int i;
extra_size = roundup(extra_size, sizeof(*entity->pads));
- num_inputs = (type & UVC_TERM_OUTPUT) ? num_pads : num_pads - 1;
+ if (num_pads)
+ num_inputs = (type & UVC_TERM_OUTPUT) ? num_pads :
+ num_pads - 1;
+ else
+ num_inputs = 0;
size = sizeof(*entity) + extra_size + sizeof(*entity->pads) * num_pads
+ num_inputs;
entity = kzalloc(size, GFP_KERNEL);
@@ -1066,7 +1070,7 @@ static struct uvc_entity *uvc_alloc_entity(u16 type, u16 id,
for (i = 0; i < num_inputs; ++i)
entity->pads[i].flags = MEDIA_PAD_FL_SINK;
- if (!UVC_ENTITY_IS_OTERM(entity))
+ if (!UVC_ENTITY_IS_OTERM(entity) && num_pads)
entity->pads[num_pads-1].flags = MEDIA_PAD_FL_SOURCE;
entity->bNrInPins = num_inputs;
--
2.29.2.684.gfbc64c5ab5-goog
Hi Ricardo,
Thank you for the patch.
On Tue, Dec 15, 2020 at 04:44:33PM +0100, Ricardo Ribalda wrote:
> Avoid an underflow while calculating the number of inputs for entities
> with zero pads.
>
> Signed-off-by: Ricardo Ribalda <[email protected]>
> ---
> drivers/media/usb/uvc/uvc_driver.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c
> index 9f4451a2e0a6..534629ecd60d 100644
> --- a/drivers/media/usb/uvc/uvc_driver.c
> +++ b/drivers/media/usb/uvc/uvc_driver.c
> @@ -1033,7 +1033,11 @@ static struct uvc_entity *uvc_alloc_entity(u16 type, u16 id,
> unsigned int i;
>
> extra_size = roundup(extra_size, sizeof(*entity->pads));
> - num_inputs = (type & UVC_TERM_OUTPUT) ? num_pads : num_pads - 1;
> + if (num_pads)
> + num_inputs = (type & UVC_TERM_OUTPUT) ? num_pads :
> + num_pads - 1;
This is a weird indentation. How about the following ?
num_inputs = type & UVC_TERM_OUTPUT ? num_pads : num_pads - 1;
I can fix this when applying.
Reviewed-by: Laurent Pinchart <[email protected]>
> + else
> + num_inputs = 0;
> size = sizeof(*entity) + extra_size + sizeof(*entity->pads) * num_pads
> + num_inputs;
> entity = kzalloc(size, GFP_KERNEL);
> @@ -1066,7 +1070,7 @@ static struct uvc_entity *uvc_alloc_entity(u16 type, u16 id,
>
> for (i = 0; i < num_inputs; ++i)
> entity->pads[i].flags = MEDIA_PAD_FL_SINK;
> - if (!UVC_ENTITY_IS_OTERM(entity))
> + if (!UVC_ENTITY_IS_OTERM(entity) && num_pads)
> entity->pads[num_pads-1].flags = MEDIA_PAD_FL_SOURCE;
>
> entity->bNrInPins = num_inputs;
--
Regards,
Laurent Pinchart