Message ID | 1366027438-4560-1-git-send-email-sachin.kamat@linaro.org (mailing list archive) |
---|---|
State | Changes Requested, archived |
Delegated to: | Sylwester Nawrocki |
Headers | From: Sachin Kamat <sachin.kamat@linaro.org> To: linux-media@vger.kernel.org Cc: s.nawrocki@samsung.com, sachin.kamat@linaro.org, patches@linaro.org Subject: [PATCH 1/1] [media] exynos4-is: Fix potential null pointer dereferencing Date: Mon, 15 Apr 2013 17:33:58 +0530 |
Commit Message
Sachin Kamat
April 15, 2013, 12:03 p.m. UTC
If fimc->drv_data is NULL, then fimc->drv_data->num_entities would
cause NULL pointer dereferencing.
While at it also remove the check for fimc->id being negative as 'id' is
unsigned variable and can't be less than 0.
Signed-off-by: Sachin Kamat <sachin.kamat@linaro.org>
---
drivers/media/platform/exynos4-is/fimc-core.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
Comments
Hi Sachin,

On 04/15/2013 02:03 PM, Sachin Kamat wrote:
> If fimc->drv_data is NULL, then fimc->drv_data->num_entities would
> cause NULL pointer dereferencing.
> While at it also remove the check for fimc->id being negative as 'id' is
> unsigned variable and can't be less than 0.
>
> Signed-off-by: Sachin Kamat <sachin.kamat@linaro.org>
> ---
> drivers/media/platform/exynos4-is/fimc-core.c | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/media/platform/exynos4-is/fimc-core.c b/drivers/media/platform/exynos4-is/fimc-core.c > index f25807d..d388832 100644 > --- a/drivers/media/platform/exynos4-is/fimc-core.c > +++ b/drivers/media/platform/exynos4-is/fimc-core.c > @@ -953,10 +953,9 @@ static int fimc_probe(struct platform_device *pdev) > fimc->drv_data = fimc_get_drvdata(pdev); > fimc->id = pdev->id; > } > - if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities || > - fimc->id < 0) { > - dev_err(dev, "Invalid driver data or device id (%d/%d)\n", > - fimc->id, fimc->drv_data->num_entities); > + if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities) { > + dev_err(dev, "Invalid driver data or device id (%d)\n", > + fimc->id); > return -EINVAL;

Thanks for the patch. To make it more explicit I would prefer to change id type to 'int', and to leave the check for negative value. There is a similar issue in fimc-lite.c that could be addressed in same patch. Could you also fix this and resend ?

Regards,
Sylwester
Hi Sylwester,

On 15 April 2013 20:51, Sylwester Nawrocki <s.nawrocki@samsung.com> wrote:
>> - if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities || >> - fimc->id < 0) { >> - dev_err(dev, "Invalid driver data or device id (%d/%d)\n", >> - fimc->id, fimc->drv_data->num_entities); >> + if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities) { >> + dev_err(dev, "Invalid driver data or device id (%d)\n", >> + fimc->id); >> return -EINVAL;
>
> Thanks for the patch. To make it more explicit I would prefer to change
> id type to 'int', and to leave the check for negative value. There is
> a similar issue in fimc-lite.c that could be addressed in same patch.
> Could you also fix this and resend ?

Sure.
I also found a few more things to fix and sent a 5 patch fix series
including the above changes.
Hi Sachin,

On 04/16/2013 08:16 AM, Sachin Kamat wrote:
> Hi Sylwester,
>
> On 15 April 2013 20:51, Sylwester Nawrocki <s.nawrocki@samsung.com> wrote:
>
>>> - if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities || >>> - fimc->id < 0) { >>> - dev_err(dev, "Invalid driver data or device id (%d/%d)\n", >>> - fimc->id, fimc->drv_data->num_entities); >>> + if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities) { >>> + dev_err(dev, "Invalid driver data or device id (%d)\n", >>> + fimc->id); >>> return -EINVAL;
>>
>> Thanks for the patch. To make it more explicit I would prefer to change
>> id type to 'int', and to leave the check for negative value. There is
>> a similar issue in fimc-lite.c that could be addressed in same patch.
>> Could you also fix this and resend ?
>
> Sure.
> I also found a few more things to fix and sent a 5 patch fix series
> including the above changes.

Thanks a lot for your review and patches. I'll apply patches 1..2/5 for 3.10-rc, and patch 3/5 for 3.11.

Regarding patch 4/5, as can be seen I didn't test the driver as a module before pushing upstream, my bad! :( So I had a look at it and found a few more issues. _Almost_ everything is fine now :-) after I fixed those, I'm going to post related patch set soon. Your patch 4/5 is not applicable any more unfortunately.

Regarding patch 5/5, I would prefer to keep that code, if you and others don't mind. Sorry, I'm a bit tied to it ;) Seriously, I hope to have more V4L2 controls supported for 3.11, so removing and re-adding that chunks would be a useless churn IMHO.

Regards,
Hi Sylwester,

On 17 April 2013 16:33, Sylwester Nawrocki <s.nawrocki@samsung.com> wrote:
> Hi Sachin,
>
> On 04/16/2013 08:16 AM, Sachin Kamat wrote:
>> Hi Sylwester,
>>
>> On 15 April 2013 20:51, Sylwester Nawrocki <s.nawrocki@samsung.com> wrote:
>>
>>>> - if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities || >>>> - fimc->id < 0) { >>>> - dev_err(dev, "Invalid driver data or device id (%d/%d)\n", >>>> - fimc->id, fimc->drv_data->num_entities); >>>> + if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities) { >>>> + dev_err(dev, "Invalid driver data or device id (%d)\n", >>>> + fimc->id); >>>> return -EINVAL;
>>>
>>> Thanks for the patch. To make it more explicit I would prefer to change
>>> id type to 'int', and to leave the check for negative value. There is
>>> a similar issue in fimc-lite.c that could be addressed in same patch.
>>> Could you also fix this and resend ?
>>
>> Sure.
>> I also found a few more things to fix and sent a 5 patch fix series
>> including the above changes.
>
> Thanks a lot for your review and patches. I'll apply patches 1..2/5 for
> 3.10-rc, and patch 3/5 for 3.11.

OK. No problem.

>
> Regarding patch 4/5, as can be seen I didn't test the driver as a module
> before pushing upstream, my bad! :( So I had a look at it and found a few
> more issues. _Almost_ everything is fine now :-) after I fixed those,
> I'm going to post related patch set soon. Your patch 4/5 is not applicable
> any more unfortunately.

Not a problem as long as the issue is handled or fixed :).

>
> Regarding patch 5/5, I would prefer to keep that code, if you and others
> don't mind. Sorry, I'm a bit tied to it ;) Seriously, I hope to have more
> V4L2 controls supported for 3.11, so removing and re-adding that chunks
> would be a useless churn IMHO.

Right. That is the reason I kept this patch at the end of the series so that you may decide as appropriate.
diff --git a/drivers/media/platform/exynos4-is/fimc-core.c b/drivers/media/platform/exynos4-is/fimc-core.c index f25807d..d388832 100644 --- a/drivers/media/platform/exynos4-is/fimc-core.c +++ b/drivers/media/platform/exynos4-is/fimc-core.c @@ -953,10 +953,9 @@ static int fimc_probe(struct platform_device *pdev) fimc->drv_data = fimc_get_drvdata(pdev); fimc->id = pdev->id; } - if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities || - fimc->id < 0) { - dev_err(dev, "Invalid driver data or device id (%d/%d)\n", - fimc->id, fimc->drv_data->num_entities); + if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities) { + dev_err(dev, "Invalid driver data or device id (%d)\n", + fimc->id); return -EINVAL; } if (!dev->of_node)
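Review bot: the new dev_err() in fimc_probe() still formats fimc->id with %d although the commit message describes 'id' as an unsigned variable; use %u, or make the field signed and keep the `fimc->id < 0` test so the format, the type and the check agree. The merged message also drops num_entities, which was only unsafe to print when fimc->drv_data is NULL (the `!fimc->drv_data ||` test already short-circuits the condition itself, so the dereference was in the dev_err() arguments, which the commit message could state). Splitting this into a separate `if (!fimc->drv_data)` check followed by the range check would let the range error keep reporting fimc->drv_data->num_entities.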