[media] tvp686x: Don't go past array

Message ID d25dd8ca8edffc6cc8cee2dac9b907c333a0aa84.1461403421.git.mchehab@osg.samsung.com (mailing list archive)
State Superseded, archived

Commit Message

Mauro Carvalho Chehab April 23, 2016, 9:23 a.m. UTC
Depending on the compiler version, currently it produces the
following warnings:
	tw686x-video.c: In function 'tw686x_video_init':
	tw686x-video.c:65:543: warning: array subscript is above array bounds [-Warray-bounds]

This is actually bogus with the current code, as it currently
hardcodes the framerate to 30 frames/sec, however a potential
use after the array size could happen when the driver adds support
for setting the framerate. So, fix it.

Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
---
 drivers/media/pci/tw686x/tw686x-video.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
  

Comments

Hans Verkuil April 23, 2016, 9:51 a.m. UTC | #1
On 04/23/2016 11:23 AM, Mauro Carvalho Chehab wrote:
> Depending on the compiler version, currently it produces the
> following warnings:
> 	tw686x-video.c: In function 'tw686x_video_init':
> 	tw686x-video.c:65:543: warning: array subscript is above array bounds [-Warray-bounds]

I posted two patches fixing this and another issue:

https://patchwork.linuxtv.org/patch/33942/
https://patchwork.linuxtv.org/patch/33943/

I noticed that I accidentally set them to 'Accepted', so that might be
why you didn't see them.

I was planning on making a pull request for these on Monday, but you can
also take them now since Ezequiel already Acked them.

Regards,

	Hans

> 
> This is actually bogus with the current code, as it currently
> hardcodes the framerate to 30 frames/sec, however a potential
> use after the array size could happen when the driver adds support
> for setting the framerate. So, fix it.
> 
> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
> ---
>  drivers/media/pci/tw686x/tw686x-video.c | 15 +++++++++++++--
>  1 file changed, 13 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/media/pci/tw686x/tw686x-video.c b/drivers/media/pci/tw686x/tw686x-video.c
> index 118e9fac9f28..1ff59084ce08 100644
> --- a/drivers/media/pci/tw686x/tw686x-video.c
> +++ b/drivers/media/pci/tw686x/tw686x-video.c
> @@ -61,8 +61,19 @@ static unsigned int tw686x_fields_map(v4l2_std_id std, unsigned int fps)
>  		   8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13, 14, 0, 0
>  	};
>  
> -	unsigned int i =
> -		(std & V4L2_STD_625_50) ? std_625_50[fps] : std_525_60[fps];
> +	unsigned int i;
> +
> +	if (std & V4L2_STD_625_50) {
> +		if (unlikely(i > ARRAY_SIZE(std_625_50)))
> +			i = 14;		/* 25 fps */
> +		else
> +			i = std_625_50[fps];
> +	} else {
> +		if (unlikely(i > ARRAY_SIZE(std_525_60)))
> +			i = 0;		/* 30 fps */
> +		else
> +			i = std_525_60[fps];
> +	}
>  
>  	return map[i];
>  }
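
Review bot: Both range tests use `>` against ARRAY_SIZE(), in `if (unlikely(i > ARRAY_SIZE(std_625_50)))` and its std_525_60 counterpart, but a subscript equal to ARRAY_SIZE() is already one element past the end. A check that is meant to guard the `std_625_50[fps]` and `std_525_60[fps]` lookups needs `>=`, not `>`.
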
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
  
Hans Verkuil April 25, 2016, 11:36 a.m. UTC | #2
Since my patch exchanges the sparse warning with a smatch warning, it's
OK to take this one, with a few corrections:

Please update the subject line (it says tvp686x instead of tw686x).

On 04/23/2016 11:23 AM, Mauro Carvalho Chehab wrote:
> Depending on the compiler version, currently it produces the
> following warnings:
> 	tw686x-video.c: In function 'tw686x_video_init':
> 	tw686x-video.c:65:543: warning: array subscript is above array bounds [-Warray-bounds]
> 
> This is actually bogus with the current code, as it currently
> hardcodes the framerate to 30 frames/sec, however a potential
> use after the array size could happen when the driver adds support
> for setting the framerate. So, fix it.
> 
> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
> ---
>  drivers/media/pci/tw686x/tw686x-video.c | 15 +++++++++++++--
>  1 file changed, 13 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/media/pci/tw686x/tw686x-video.c b/drivers/media/pci/tw686x/tw686x-video.c
> index 118e9fac9f28..1ff59084ce08 100644
> --- a/drivers/media/pci/tw686x/tw686x-video.c
> +++ b/drivers/media/pci/tw686x/tw686x-video.c
> @@ -61,8 +61,19 @@ static unsigned int tw686x_fields_map(v4l2_std_id std, unsigned int fps)
>  		   8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13, 14, 0, 0
>  	};
>  
> -	unsigned int i =
> -		(std & V4L2_STD_625_50) ? std_625_50[fps] : std_525_60[fps];
> +	unsigned int i;
> +
> +	if (std & V4L2_STD_625_50) {

Please test against 525_60 since that is the recommended test.

> +		if (unlikely(i > ARRAY_SIZE(std_625_50)))

Please don't use 'unlikely'. It's pointless for code that is rarely used.

Actually, the code is wrong: i is uninitialized here.

It should be fps >= ARRAY_SIZE(std_625_50).

In fact, I'd write it like this:

		i = std_625_50[(fps >= ARRAY_SIZE(std_625_50)) ? 24 : fps];

> +			i = 14;		/* 25 fps */
> +		else
> +			i = std_625_50[fps];
> +	} else {
> +		if (unlikely(i > ARRAY_SIZE(std_525_60)))
> +			i = 0;		/* 30 fps */
> +		else
> +			i = std_525_60[fps];
> +	}
>  
>  	return map[i];
>  }
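
Review bot: The fallback assignments `i = 14;` and `i = 0;` hard-code positions in map[] and are tied to the tables only by the `/* 25 fps */` and `/* 30 fps */` comments, so a later edit to map[] or to either std table can invalidate them without any compiler diagnostic. Clamping fps to a known-good subscript before the lookup, as the one-line form suggested above does for std_625_50, takes the default from the table itself; the std_525_60 branch would want the same treatment.
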
> 

Regards,

	Hans
  

Patch

diff --git a/drivers/media/pci/tw686x/tw686x-video.c b/drivers/media/pci/tw686x/tw686x-video.c
index 118e9fac9f28..1ff59084ce08 100644
--- a/drivers/media/pci/tw686x/tw686x-video.c
+++ b/drivers/media/pci/tw686x/tw686x-video.c
@@ -61,8 +61,19 @@  static unsigned int tw686x_fields_map(v4l2_std_id std, unsigned int fps)
 		   8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13, 14, 0, 0
 	};
 
-	unsigned int i =
-		(std & V4L2_STD_625_50) ? std_625_50[fps] : std_525_60[fps];
+	unsigned int i;
+
+	if (std & V4L2_STD_625_50) {
+		if (unlikely(i > ARRAY_SIZE(std_625_50)))
+			i = 14;		/* 25 fps */
+		else
+			i = std_625_50[fps];
+	} else {
+		if (unlikely(i > ARRAY_SIZE(std_525_60)))
+			i = 0;		/* 30 fps */
+		else
+			i = std_525_60[fps];
+	}
 
 	return map[i];
 }
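
Review bot: In both new `if` conditions the value compared against ARRAY_SIZE() is `i`, which is declared as `unsigned int i;` just above and has not been assigned yet, so the test reads an indeterminate value and the `std_625_50[fps]` / `std_525_60[fps]` subscripts stay unchecked. The condition should test `fps`, the value actually used as the subscript, for example `fps >= ARRAY_SIZE(std_625_50)`. A short comment on the function stating the range of fps that callers may pass would also document why the clamp exists.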