Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp3859215rwd; Mon, 29 May 2023 18:40:33 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7bwswHYNk2jUIfX/48voa/iqblN9MvF9l8KcJ6jqRN9KK3hGBpiec35E9cVDsVbIZqLVo4 X-Received: by 2002:a17:902:e886:b0:1b0:471c:4c3 with SMTP id w6-20020a170902e88600b001b0471c04c3mr982713plg.40.1685410833498; Mon, 29 May 2023 18:40:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685410833; cv=none; d=google.com; s=arc-20160816; b=J/l9VgJFUPVtEN4mRLfVLPKnLr4rgKWLnONXjsnKyLFgAUwGm6SB5OUfNFdOphBkKD U67jfx+sS8WIVE8KoUnEsV8arz/h9RQ3VsMRYP1xcKzHbn8avzHdPPU7EPbPYzSr0g9H gl8veFIxc6ES9NP7f93D7BTmUW9M0+uiCl2e6+aYahZqbHRrGU6jEfymkLkzrmzcJ+Wk lt0JamJkE5Xvjp4y4hkA+I+kaJY972la3fCFfWMESUdXxbxl6ZZ/pFhcZDr03sNJn/Yu jepMYDgflIwB49Ogco6HfFW1VWYDRXfg8IBcFEnm3Vf49wd62plSbwhneReZPcCcKcmC Y0zw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id; bh=VwZpjbsI9tn4XgIJ/egDpFQuRPnQCzftpiWHokzihpQ=; b=p03ObdlVL8btZcXYoUhMvxMnMx3YEP1ijYcFuk4k9U50rHijlZDXYO3ffVOWNrXE/P IIAkdTttFkc5mfW9ebTC0WRGBBzw9mJ/3aGgy2oQriUQjkqj83dpeIJh8KQsejXUQrGN sYSnqDHstxEAKthQ5kE5bqg2KwzUnLnFx26LWA2w9h4zsFWHmW0ZZ5+EpIUgl9KZyeAL zizv1UE/sZ/TJuSGIux4rDji87m4F5SDpPZUkDE5vFW4mnrU4QAXJLVMzxzcO7mftaCS 2fDx4rzhSPVj7qBmIJ/8hS+V3lMZ3s2YPtMvfqbhzXbmIOUb1+m0JYA9AZ7lgolqkw01 qVVQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g18-20020a170902869200b001ab18d794a5si10016693plo.297.2023.05.29.18.40.15; Mon, 29 May 2023 18:40:33 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229834AbjE3BRi (ORCPT + 99 others); Mon, 29 May 2023 21:17:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56554 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229552AbjE3BRh (ORCPT ); Mon, 29 May 2023 21:17:37 -0400 Received: from hust.edu.cn (unknown [202.114.0.240]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4F447DB; Mon, 29 May 2023 18:17:34 -0700 (PDT) Received: from [IPV6:2001:250:4000:5122:716f:f7f7:9d52:5f22] ([172.16.0.254]) (user=dzm91@hust.edu.cn mech=PLAIN bits=0) by mx1.hust.edu.cn with ESMTP id 34U1F5td003739-34U1F5te003739 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Tue, 30 May 2023 09:15:06 +0800 Message-ID: <680d83a5-22fa-4851-b82d-ca59b67c5ad2@hust.edu.cn> Date: Tue, 30 May 2023 09:11:55 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.10.0 Subject: Re: [PATCH] media: atomisp: move the sanity checks before variable dereferences Content-Language: en-US To: Hans de Goede , Mauro Carvalho Chehab , Sakari Ailus , Greg Kroah-Hartman , Andy Shevchenko Cc: linux-media@vger.kernel.org, linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org References: <20230529152136.11719-1-dzm91@hust.edu.cn> From: Dongliang Mu In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-FEAS-AUTH-USER: dzm91@hust.edu.cn X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,NICE_REPLY_A, SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 5/29/23 23:46, Hans de Goede wrote: > Hi, > > On 5/29/23 17:21, Dongliang Mu wrote: >> Smatch reports: >> >> sh_css_load_firmware() warn: variable dereferenced before check 'fw_data' >> >> The variable fw_data can be NULL in sh_css_load_firmware, resulting in >> NULL pointer dereference. >> >> Fix this by moving the sanity checks before variable dereferences. >> >> Signed-off-by: Dongliang Mu > > Thank you for your patch, but the same patch has already been submitted > and merged into my media-atomisp branch about a week ago: > > https://git.kernel.org/pub/scm/linux/kernel/git/hansg/linux.git/commit/?h=media-atomisp&id=c09907049eea9f12e959fb88c02a483a4c5eee89 I see. Thanks for your reply. > >> --- >> drivers/staging/media/atomisp/pci/sh_css_firmware.c | 8 ++++---- >> 1 file changed, 4 insertions(+), 4 deletions(-) >> >> diff --git a/drivers/staging/media/atomisp/pci/sh_css_firmware.c b/drivers/staging/media/atomisp/pci/sh_css_firmware.c >> index e7ef578db8ab..38b757c3df0a 100644 >> --- a/drivers/staging/media/atomisp/pci/sh_css_firmware.c >> +++ b/drivers/staging/media/atomisp/pci/sh_css_firmware.c >> @@ -229,6 +229,10 @@ sh_css_load_firmware(struct device *dev, const char *fw_data, >> struct sh_css_fw_bi_file_h *file_header; >> int ret; >> >> + /* some sanity checks */ >> + if (!fw_data || fw_size < sizeof(struct sh_css_fw_bi_file_h)) >> + return -EINVAL; >> + >> firmware_header = (struct firmware_header *)fw_data; >> file_header = &firmware_header->file_header; >> binaries = &firmware_header->binary_header; >> @@ -243,10 +247,6 @@ sh_css_load_firmware(struct device *dev, const char *fw_data, >> IA_CSS_LOG("successfully load firmware version %s", release_version); >> } >> >> - /* some sanity checks */ >> - if (!fw_data || fw_size < sizeof(struct sh_css_fw_bi_file_h)) >> - return -EINVAL; >> - >> if (file_header->h_size != sizeof(struct sh_css_fw_bi_file_h)) >> return -EINVAL; >>