Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp3978849pxf; Tue, 16 Mar 2021 02:38:24 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxUDKrEVbwXvXt4cjowygsJ3k1tFBmTgH7xTmNMgacXCckYNL4KmqYor37/kQIOugJCz+VH X-Received: by 2002:a17:906:25c4:: with SMTP id n4mr28908000ejb.359.1615887504711; Tue, 16 Mar 2021 02:38:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1615887504; cv=none; d=google.com; s=arc-20160816; b=PjQ5VwMo142jSyH5TWJ2/suSTSM4wyqtR/GphuKMdOf1ibWPrbtMkF77xnHSuHc5K2 Kcgg56sjwVmK50PHZx2fbtEe3auljg47cERvmi2T35rNqs7/B7dHmqUZbmwcTKBTR+1z QnYkNjwMlT+8tWZ/3picoB1h6y7I9ZHZuOPfxUdNV4ew0tKuPOCEBkTrxY6D1RHn/ccz a/bJT3oxz7hZykDcgvf3GceZj+DP5x7kLkTIIs0iDCIDd+cix7cZMYcVVnLI8ehUjV6J ikdm2D/MQcGeDA7fo14eWTTv1SaDHvyIp69VCDLiBAc4Y/dmW4Fw6xd5mUXGIjjgurC6 o9EA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:sender:subject:cc:to:from:dkim-signature :dkim-filter; bh=mhirheRq8WviKByzNYMicvIkW+qgbFBkujfQT55US3A=; b=oVw5CcTfgB5/driZzG9GOTiXzMeg9criAFbSkjfMEX4GlmBDzL1bO/EWxLA+QG28Ww JgZvAe9QlsSsm5mtS6C3aew0mgCumKz2FSqi7WdN+dMwMLAunPTm80fhABR0QnRhlcNp CmEHXYxWaWsR7KVrtWsPr8brlBtaPwIIgdhcMIpJrEcVQ1zpnuhXJtNzvriQYEHitKgs shdqv/ar+OlbmQEcqmaZBw1xSH2DtMrqiMvM1+IpAtRraqn+OTXAtWICjSh6VSK+Vqqy YVK6W+sAaDM1qOLIQiM6dAZqRksluT0H7b0cXbT752fHYiR3GknCjApHxtc0BM4qhAkg bMfQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@piap.pl header.s=mail header.b=M1cHjUu3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=piap.pl Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id e19si12849867ejj.523.2021.03.16.02.38.02; Tue, 16 Mar 2021 02:38:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@piap.pl header.s=mail header.b=M1cHjUu3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=piap.pl Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234590AbhCPIYs (ORCPT + 99 others); Tue, 16 Mar 2021 04:24:48 -0400 Received: from ni.piap.pl ([195.187.100.5]:56778 "EHLO ni.piap.pl" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234643AbhCPIYa (ORCPT ); Tue, 16 Mar 2021 04:24:30 -0400 Received: from t19.piap.pl (OSB1819.piap.pl [10.0.9.19]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ni.piap.pl (Postfix) with ESMTPSA id 4E550443991; Tue, 16 Mar 2021 09:24:26 +0100 (CET) DKIM-Filter: OpenDKIM Filter v2.11.0 ni.piap.pl 4E550443991 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=piap.pl; s=mail; t=1615883066; bh=mhirheRq8WviKByzNYMicvIkW+qgbFBkujfQT55US3A=; h=From:To:Cc:Subject:Date:From; b=M1cHjUu3FwM/mWOUgYgyeQg/+IMB5YgRujci2wQwovMpygx1bJlK7cbwIfetc0Wcb De3mxr0nIhJpnCg0FyeLfXVMYpQGvOT7s2w4pQcnbJ+VUssRTruncKTNTTJ0Cqe6tP gq/9DjT1zgdw1XTerMnaxLPLicVSW4nHKwkyyc0Q= From: "Krzysztof Halasa" To: Philipp Zabel Cc: Mauro Carvalho Chehab , linux-media@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] MEDIA CODA: Fix NULL ptr dereference in the encoder. Sender: khalasa@piap.pl Date: Tue, 16 Mar 2021 09:23:47 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-KLMS-Rule-ID: 4 X-KLMS-Message-Action: skipped X-KLMS-AntiSpam-Status: not scanned, whitelist X-KLMS-AntiPhishing: not scanned, whitelist X-KLMS-AntiVirus: Kaspersky Security for Linux Mail Server, version 8.0.3.30, not scanned, whitelist Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org ctx->mb_err_cnt_ctrl could be NULL in case of failed initialization (on decoders), and encoders don't use it at all. Fixes: b2d3bef1aa78 ("media: coda: Add a V4L2 user for control error macrob= locks count") Signed-off-by: Krzysztof Halasa Cc: stable@vger.kernel.org # 5.11+ diff --git a/drivers/media/platform/coda/coda-bit.c b/drivers/media/platfor= m/coda/coda-bit.c index 2f42808c43a4..26e37cbfe8dd 100644 --- a/drivers/media/platform/coda/coda-bit.c +++ b/drivers/media/platform/coda/coda-bit.c @@ -2373,8 +2373,10 @@ static void coda_finish_decode(struct coda_ctx *ctx) if (err_mb > 0) { if (__ratelimit(&dev->mb_err_rs)) coda_dbg(1, ctx, "errors in %d macroblocks\n", err_mb); - v4l2_ctrl_s_ctrl(ctx->mb_err_cnt_ctrl, - v4l2_ctrl_g_ctrl(ctx->mb_err_cnt_ctrl) + err_mb); + if (ctx->mb_err_cnt_ctrl) + v4l2_ctrl_s_ctrl(ctx->mb_err_cnt_ctrl, + v4l2_ctrl_g_ctrl(ctx->mb_err_cnt_ctrl) + + err_mb); } =20 if (dev->devtype->product =3D=3D CODA_HX4 || diff --git a/drivers/media/platform/coda/coda-common.c b/drivers/media/plat= form/coda/coda-common.c index 96802b8f47ea..285c80f87b65 100644 --- a/drivers/media/platform/coda/coda-common.c +++ b/drivers/media/platform/coda/coda-common.c @@ -2062,7 +2062,8 @@ static int coda_start_streaming(struct vb2_queue *q, = unsigned int count) if (q_data_dst->fourcc =3D=3D V4L2_PIX_FMT_JPEG) ctx->params.gop_size =3D 1; ctx->gopcounter =3D ctx->params.gop_size - 1; - v4l2_ctrl_s_ctrl(ctx->mb_err_cnt_ctrl, 0); + if (ctx->mb_err_cnt_ctrl) + v4l2_ctrl_s_ctrl(ctx->mb_err_cnt_ctrl, 0); =20 ret =3D ctx->ops->start_streaming(ctx); if (ctx->inst_type =3D=3D CODA_INST_DECODER) { --=20 Krzysztof Ha=C5=82asa Sie=C4=87 Badawcza =C5=81ukasiewicz Przemys=C5=82owy Instytut Automatyki i Pomiar=C3=B3w PIAP Al. Jerozolimskie 202, 02-486 Warszawa