Received: by 10.192.165.148 with SMTP id m20csp4635687imm; Tue, 24 Apr 2018 06:08:14 -0700 (PDT) X-Google-Smtp-Source: AIpwx48K6r6TRmcnWW4imll33ZW5yuYL1KULp5+Q8YP+vNOfHry2WXX99kwlW4TxllsvvbaxIB0w X-Received: by 10.101.97.72 with SMTP id o8mr20593033pgv.120.1524575294547; Tue, 24 Apr 2018 06:08:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524575294; cv=none; d=google.com; s=arc-20160816; b=SfxUvQvkSTRxVyrUWJV7Z0SDGMpUKnAx2u+ASED35wQQmlHZpyrDhnfFFlOM4wqlXP S8w7PA1w7Q5DV1AVQf9kqQ5Vr8DgCW9L4cHzjb5/WkQR2zhbsUzGrwRjJIa7ZtJ8CuUq SOogggEDXNrGYTjmvJL36iNmoRdhOmn8OMLdo2WiEU7MV6YvAvmv9rEtRAglg57TtIWR QHJFLPsMBjZUpnxgjO+Fi2Dm/g2Lx1wJMSaqoWViY8Y4QrawSTm11BI6lXodzSoaJIvN 4IdyKXkqMh8VknlwE9ftiKapZ2ceO5al5IdPm/LWtM9zrJXV8FrMkiBccTLkJOcc+7ob DbCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:arc-authentication-results; bh=F1DK43mgWfCax7cVRBDhDeqjXnlv5Szlpx3qqMbul8E=; b=wX8TDDS5WZAdbKy6aGY8UUHPxIj1VQI6GFV6mhos71OS/JesbeDp2AoQNUbiTbplGs qF05uHbi04WGJORlNvRQbA6FA0E1oCcFkXjT6VWV0A71NaqK+0wtWcIa/0ZkgCUX1GhX zFQcvp1mX0xcyFVD9W9x97CO7OCwklxJrKM6qL2pqdUBPidTZXVMSun7uf+lRXK2tGPR v8iY/w6HDSqjhvR+BQObMgt1cRypplYi6jtrR6UWOnh/rU5GTaXTSN7V0/XGVv3lRE0l CwTpIULE/faUuoFcCgG6R8e0Bxyi/r3YUrW4Su6xWlLiKSaqLtB2YeAlPW4IrR1xvuw8 p9lg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t3-v6si746387plq.547.2018.04.24.06.07.59; Tue, 24 Apr 2018 06:08:14 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757869AbeDXNGg (ORCPT + 99 others); Tue, 24 Apr 2018 09:06:36 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:51876 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751575AbeDXNGf (ORCPT ); Tue, 24 Apr 2018 09:06:35 -0400 Received: from 1.general.cking.uk.vpn ([10.172.193.212] helo=localhost) by youngberry.canonical.com with esmtpsa (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.76) (envelope-from ) id 1fAxeF-00008R-4X; Tue, 24 Apr 2018 13:06:19 +0000 From: Colin King To: Laurent Pinchart , Mauro Carvalho Chehab , linux-media@vger.kernel.org Cc: kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH][next] media: ispstat: don't dereference user_cfg before a null check Date: Tue, 24 Apr 2018 14:06:18 +0100 Message-Id: <20180424130618.18211-1-colin.king@canonical.com> X-Mailer: git-send-email 2.17.0 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Colin Ian King The pointer user_cfg (a copy of new_conf) is dereference before new_conf is null checked, hence we may have a null pointer dereference on user_cfg when assigning buf_size from user_cfg->buf_size. Ensure this does not occur by moving the assignment of buf_size after the null check. Detected by CoverityScan, CID#1468386 ("Dereference before null check") Fixes: 68e342b3068c ("[media] omap3isp: Statistics") Signed-off-by: Colin Ian King --- drivers/media/platform/omap3isp/ispstat.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/media/platform/omap3isp/ispstat.c b/drivers/media/platform/omap3isp/ispstat.c index 0b31f6c5791f..38cb1b2cc672 100644 --- a/drivers/media/platform/omap3isp/ispstat.c +++ b/drivers/media/platform/omap3isp/ispstat.c @@ -523,7 +523,7 @@ int omap3isp_stat_config(struct ispstat *stat, void *new_conf) int ret; unsigned long irqflags; struct ispstat_generic_config *user_cfg = new_conf; - u32 buf_size = user_cfg->buf_size; + u32 buf_size; if (!new_conf) { dev_dbg(stat->isp->dev, "%s: configuration is NULL\n", @@ -532,6 +532,7 @@ int omap3isp_stat_config(struct ispstat *stat, void *new_conf) } mutex_lock(&stat->ioctl_lock); + buf_size = user_cfg->buf_size; dev_dbg(stat->isp->dev, "%s: configuring module with buffer size=0x%08lx\n", -- 2.17.0