From: Dan Carpenter <dan.carpenter@oracle.com>
To: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Cc: Mauro Carvalho Chehab <mchehab@kernel.org>,
	linux-media@vger.kernel.org, linux-kernel@vger.kernel.org,
	kernel-janitors@vger.kernel.org
Subject: [PATCH] media: uvc: Fix list_for_each() checking
Date: Mon, 22 Jun 2020 14:10:36 +0000
Message-ID: <20200622141036.GA13774@mwanda>

If the UVC_QUIRK_IGNORE_SELECTOR_UNIT flag is set, then there is a
problem that the code uses "iterm" after the end of the
list_for_each_entry() loop.  It should only be used when the
UVC_ENTITY_IS_ITERM() condition is true and we break from the loop.

Fixes: d5e90b7a6cd1 ("[media] uvcvideo: Move to video_ioctl2")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
Please review this one extra carefully because it's from static analysis
and I'm not 100% sure it's correct.

 drivers/media/usb/uvc/uvc_v4l2.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/drivers/media/usb/uvc/uvc_v4l2.c b/drivers/media/usb/uvc/uvc_v4l2.c
index 0335e69b70ab..945862afa829 100644
--- a/drivers/media/usb/uvc/uvc_v4l2.c
+++ b/drivers/media/usb/uvc/uvc_v4l2.c
@@ -827,28 +827,32 @@ static int uvc_ioctl_enum_input(struct file *file, void *fh,
 	const struct uvc_entity *selector = chain->selector;
 	struct uvc_entity *iterm = NULL;
 	u32 index = input->index;
-	int pin = 0;
+	bool found = false;
+	int pin;
 
 	if (selector = NULL ||
 	    (chain->dev->quirks & UVC_QUIRK_IGNORE_SELECTOR_UNIT)) {
 		if (index != 0)
 			return -EINVAL;
 		list_for_each_entry(iterm, &chain->entities, chain) {
-			if (UVC_ENTITY_IS_ITERM(iterm))
+			if (UVC_ENTITY_IS_ITERM(iterm)) {
+				found = true;
 				break;
+			}
 		}
-		pin = iterm->id;
 	} else if (index < selector->bNrInPins) {
 		pin = selector->baSourceID[index];
 		list_for_each_entry(iterm, &chain->entities, chain) {
 			if (!UVC_ENTITY_IS_ITERM(iterm))
 				continue;
-			if (iterm->id = pin)
+			if (iterm->id = pin) {
+				found = true;
 				break;
+			}
 		}
 	}
 
-	if (iterm = NULL || iterm->id != pin)
+	if (!found)
 		return -EINVAL;
 
 	memset(input, 0, sizeof(*input));
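Review bot: `pin` is left uninitialized on the no-selector / UVC_QUIRK_IGNORE_SELECTOR_UNIT path, because the `= 0` initializer is dropped and `pin = iterm->id;` is removed, so it is now assigned only in the `else if (index < selector->bNrInPins)` branch. Nothing in the visible lines reads it on that path, but any later use of `pin` after the `if (!found)` check would be an uninitialized read. Since it is needed only for the `selector->baSourceID[index]` lookup and the comparison against `iterm->id` inside that branch, consider declaring it there so the narrower scope is enforced by the compiler.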
-- 
2.27.0

WARNING: multiple messages have this Message-ID (diff)
From: Dan Carpenter <dan.carpenter@oracle.com>
To: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Cc: Mauro Carvalho Chehab <mchehab@kernel.org>,
	linux-media@vger.kernel.org, linux-kernel@vger.kernel.org,
	kernel-janitors@vger.kernel.org
Subject: [PATCH] media: uvc: Fix list_for_each() checking
Date: Mon, 22 Jun 2020 17:10:36 +0300
Message-ID: <20200622141036.GA13774@mwanda>

If the UVC_QUIRK_IGNORE_SELECTOR_UNIT flag is set, then there is a
problem that the code uses "iterm" after the end of the
list_for_each_entry() loop.  It should only be used when the
UVC_ENTITY_IS_ITERM() condition is true and we break from the loop.

Fixes: d5e90b7a6cd1 ("[media] uvcvideo: Move to video_ioctl2")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
Please review this one extra carefully because it's from static analysis
and I'm not 100% sure it's correct.

 drivers/media/usb/uvc/uvc_v4l2.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/drivers/media/usb/uvc/uvc_v4l2.c b/drivers/media/usb/uvc/uvc_v4l2.c
index 0335e69b70ab..945862afa829 100644
--- a/drivers/media/usb/uvc/uvc_v4l2.c
+++ b/drivers/media/usb/uvc/uvc_v4l2.c
@@ -827,28 +827,32 @@ static int uvc_ioctl_enum_input(struct file *file, void *fh,
 	const struct uvc_entity *selector = chain->selector;
 	struct uvc_entity *iterm = NULL;
 	u32 index = input->index;
-	int pin = 0;
+	bool found = false;
+	int pin;
 
 	if (selector == NULL ||
 	    (chain->dev->quirks & UVC_QUIRK_IGNORE_SELECTOR_UNIT)) {
 		if (index != 0)
 			return -EINVAL;
 		list_for_each_entry(iterm, &chain->entities, chain) {
-			if (UVC_ENTITY_IS_ITERM(iterm))
+			if (UVC_ENTITY_IS_ITERM(iterm)) {
+				found = true;
 				break;
+			}
 		}
-		pin = iterm->id;
 	} else if (index < selector->bNrInPins) {
 		pin = selector->baSourceID[index];
 		list_for_each_entry(iterm, &chain->entities, chain) {
 			if (!UVC_ENTITY_IS_ITERM(iterm))
 				continue;
-			if (iterm->id == pin)
+			if (iterm->id == pin) {
+				found = true;
 				break;
+			}
 		}
 	}
 
-	if (iterm == NULL || iterm->id != pin)
+	if (!found)
 		return -EINVAL;
 
 	memset(input, 0, sizeof(*input));
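Review bot: `iterm` is still the `list_for_each_entry()` cursor in both loops, so when a loop runs to completion it is left pointing at the container of the list head rather than at a real entity, and the `= NULL` initializer at the top is no longer tested anywhere. The `if (!found)` return keeps that stale pointer from being used, but it stays in scope and looks valid to anyone editing the code after `memset()`. Consider walking the list with a separate cursor and assigning `iterm` only at the `break`; the final test can then be `if (iterm == NULL)` and the `found` flag is not needed.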
-- 
2.27.0

