* [bug report] media: cx18: Access v4l2_fh from file
From: Dan Carpenter @ 2025-08-18 9:54 UTC (permalink / raw)
To: Jacopo Mondi; +Cc: linux-media
Hello Jacopo Mondi,

Commit 7b9eb53e8591 ("media: cx18: Access v4l2_fh from file") from
Aug 10, 2025 (linux-next), leads to the following Smatch static
checker warning:

drivers/media/pci/cx18/cx18-driver.c:1223 cx18_init_on_first_open() error: NULL dereference inside function
drivers/media/pci/cx18/cx18-driver.c:1229 cx18_init_on_first_open() error: NULL dereference inside function
drivers/media/pci/cx18/cx18-driver.c:1230 cx18_init_on_first_open() error: NULL dereference inside function
drivers/media/pci/ivtv/ivtv-driver.c:1313 ivtv_init_on_first_open() error: NULL dereference inside function
drivers/media/pci/ivtv/ivtv-driver.c:1319 ivtv_init_on_first_open() error: NULL dereference inside function

drivers/media/pci/cx18/cx18-driver.c
1214 /* Set initial frequency. For PAL/SECAM broadcasts no
1215 'default' channel exists AFAIK. */
1216 if (cx->std == V4L2_STD_NTSC_M_JP)
1217 vf.frequency = 1460; /* ch. 1 91250*16/1000 */
1218 else if (cx->std & V4L2_STD_NTSC_M)
1219 vf.frequency = 1076; /* ch. 4 67250*16/1000 */
1220
1221 video_input = cx->active_input;
1222 cx->active_input++; /* Force update of input */
--> 1223 cx18_s_input(NULL, &fh, video_input);
^^^^
The patch adds a new dereference of "file" but some of the callers pass a
NULL pointer.
1224
1225 /* Let the VIDIOC_S_STD ioctl do all the work, keeps the code
1226 in one place. */
1227 cx->std++; /* Force full standard initialization */
1228 std = (cx->tuner_std == V4L2_STD_ALL) ? V4L2_STD_NTSC_M : cx->tuner_std;
1229 cx18_s_std(NULL, &fh, std);
1230 cx18_s_frequency(NULL, &fh, &vf);
1231 return 0;
1232 }
regards,
dan carpenter
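
An added example, not part of the thread or of the kernel tree: a user-space C model of the pattern reported above, where a handler that takes its handle from the file pointer is also called internally with NULL. All `model_*` names are hypothetical, and the split into a file-less helper is one possible remedy assumed here, not the patch the thread promises.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the driver's per-open handle and struct file. */
struct model_fh   { int active_input; };
struct model_file { struct model_fh *private_data; };

/* Core logic works on the handle only, so it never needs a file pointer. */
static int model_do_s_input(struct model_fh *fh, int input)
{
    if (fh == NULL || input < 0 || input > 3)
        return -EINVAL;
    fh->active_input = input;
    return 0;
}

/* ioctl-style entry point: the handle comes from file, as after the
 * conversion. Without the guard a NULL file faults on the dereference. */
static int model_ioctl_s_input(struct model_file *file, void *priv, int input)
{
    (void)priv;                       /* no longer the source of the handle */
    if (file == NULL)
        return -EINVAL;
    return model_do_s_input(file->private_data, input);
}

/* Internal first-open style caller: it has a handle but no open file,
 * so it calls the helper rather than the ioctl entry point with NULL. */
static int model_init_on_first_open(struct model_fh *fh, int input)
{
    return model_do_s_input(fh, input);
}

int main(void)
{
    struct model_fh fh = { 0 };
    struct model_file f = { &fh };

    printf("internal init: %d\n", model_init_on_first_open(&fh, 2));
    printf("ioctl, NULL file: %d\n", model_ioctl_s_input(NULL, &fh, 1));
    printf("ioctl, valid file: %d\n", model_ioctl_s_input(&f, NULL, 1));
    return 0;
}
```
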
* Re: [bug report] media: cx18: Access v4l2_fh from file
From: Jacopo Mondi @ 2025-08-18 11:17 UTC (permalink / raw)
To: Dan Carpenter; +Cc: Jacopo Mondi, linux-media, Laurent Pinchart, Hans Verkuil
Hi Dan

On Mon, Aug 18, 2025 at 12:54:00PM +0300, Dan Carpenter wrote:
> Hello Jacopo Mondi,
>
> Commit 7b9eb53e8591 ("media: cx18: Access v4l2_fh from file") from
> Aug 10, 2025 (linux-next), leads to the following Smatch static
> checker warning:
>
> drivers/media/pci/cx18/cx18-driver.c:1223 cx18_init_on_first_open() error: NULL dereference inside function
> drivers/media/pci/cx18/cx18-driver.c:1229 cx18_init_on_first_open() error: NULL dereference inside function
> drivers/media/pci/cx18/cx18-driver.c:1230 cx18_init_on_first_open() error: NULL dereference inside function
> drivers/media/pci/ivtv/ivtv-driver.c:1313 ivtv_init_on_first_open() error: NULL dereference inside function
> drivers/media/pci/ivtv/ivtv-driver.c:1319 ivtv_init_on_first_open() error: NULL dereference inside function
>
> drivers/media/pci/cx18/cx18-driver.c
> 1214 /* Set initial frequency. For PAL/SECAM broadcasts no
> 1215 'default' channel exists AFAIK. */
> 1216 if (cx->std == V4L2_STD_NTSC_M_JP)
> 1217 vf.frequency = 1460; /* ch. 1 91250*16/1000 */
> 1218 else if (cx->std & V4L2_STD_NTSC_M)
> 1219 vf.frequency = 1076; /* ch. 4 67250*16/1000 */
> 1220
> 1221 video_input = cx->active_input;
> 1222 cx->active_input++; /* Force update of input */
> --> 1223 cx18_s_input(NULL, &fh, video_input);
> ^^^^
> The patch adds a new dereference of "file" but some of the callers pass a
> NULL pointer.

smart smatch! Indeed the DVB layer calls the ioctl operation handler
directly, without a valid file *.

>
> 1224
> 1225 /* Let the VIDIOC_S_STD ioctl do all the work, keeps the code
> 1226 in one place. */
> 1227 cx->std++; /* Force full standard initialization */
> 1228 std = (cx->tuner_std == V4L2_STD_ALL) ? V4L2_STD_NTSC_M : cx->tuner_std;
> 1229 cx18_s_std(NULL, &fh, std);
> 1230 cx18_s_frequency(NULL, &fh, &vf);

And I guess the same reasoning applies to these two.

I'll send a patch right away

> 1231 return 0;
> 1232 }
>
> regards,
> dan carpenter
* Re: [bug report] media: cx18: Access v4l2_fh from file
From: Hans Verkuil @ 2025-08-18 11:29 UTC (permalink / raw)
To: Jacopo Mondi, Dan Carpenter; +Cc: linux-media, Laurent Pinchart, Hans Verkuil
On 18/08/2025 13:17, Jacopo Mondi wrote:
> Hi Dan
>
> On Mon, Aug 18, 2025 at 12:54:00PM +0300, Dan Carpenter wrote:
>> Hello Jacopo Mondi,
>>
>> Commit 7b9eb53e8591 ("media: cx18: Access v4l2_fh from file") from
>> Aug 10, 2025 (linux-next), leads to the following Smatch static
>> checker warning:
>>
>> drivers/media/pci/cx18/cx18-driver.c:1223 cx18_init_on_first_open() error: NULL dereference inside function
>> drivers/media/pci/cx18/cx18-driver.c:1229 cx18_init_on_first_open() error: NULL dereference inside function
>> drivers/media/pci/cx18/cx18-driver.c:1230 cx18_init_on_first_open() error: NULL dereference inside function
>> drivers/media/pci/ivtv/ivtv-driver.c:1313 ivtv_init_on_first_open() error: NULL dereference inside function
>> drivers/media/pci/ivtv/ivtv-driver.c:1319 ivtv_init_on_first_open() error: NULL dereference inside function
>>
>> drivers/media/pci/cx18/cx18-driver.c
>> 1214 /* Set initial frequency. For PAL/SECAM broadcasts no
>> 1215 'default' channel exists AFAIK. */
>> 1216 if (cx->std == V4L2_STD_NTSC_M_JP)
>> 1217 vf.frequency = 1460; /* ch. 1 91250*16/1000 */
>> 1218 else if (cx->std & V4L2_STD_NTSC_M)
>> 1219 vf.frequency = 1076; /* ch. 4 67250*16/1000 */
>> 1220
>> 1221 video_input = cx->active_input;
>> 1222 cx->active_input++; /* Force update of input */
>> --> 1223 cx18_s_input(NULL, &fh, video_input);
>> ^^^^
>> The patch adds a new dereference of "file" but some of the callers pass a
>> NULL pointer.
>
> smart smatch! Indeed the DVB layer calls the ioctl operation handler
> directly, without a valid file *.
>
>>
>> 1224
>> 1225 /* Let the VIDIOC_S_STD ioctl do all the work, keeps the code
>> 1226 in one place. */
>> 1227 cx->std++; /* Force full standard initialization */
>> 1228 std = (cx->tuner_std == V4L2_STD_ALL) ? V4L2_STD_NTSC_M : cx->tuner_std;
>> 1229 cx18_s_std(NULL, &fh, std);
>> 1230 cx18_s_frequency(NULL, &fh, &vf);
>
> And I guess the same reasoning applies to these two.

ivtv does the same (cx18 is closely based on ivtv).

Regards,

Hans

>
> I'll send a patch right away
>
>> 1231 return 0;
>> 1232 }
>>
>> regards,
>> dan carpenter
>
* Re: [bug report] media: cx18: Access v4l2_fh from file
From: Jacopo Mondi @ 2025-08-18 11:37 UTC (permalink / raw)
To: Hans Verkuil
Cc: Jacopo Mondi, Dan Carpenter, linux-media, Laurent Pinchart,
Hans Verkuil
Hi Hans,

On Mon, Aug 18, 2025 at 01:29:23PM +0200, Hans Verkuil wrote:
> On 18/08/2025 13:17, Jacopo Mondi wrote:
> > Hi Dan
> >
> > On Mon, Aug 18, 2025 at 12:54:00PM +0300, Dan Carpenter wrote:
> >> Hello Jacopo Mondi,
> >>
> >> Commit 7b9eb53e8591 ("media: cx18: Access v4l2_fh from file") from
> >> Aug 10, 2025 (linux-next), leads to the following Smatch static
> >> checker warning:
> >>
> >> drivers/media/pci/cx18/cx18-driver.c:1223 cx18_init_on_first_open() error: NULL dereference inside function
> >> drivers/media/pci/cx18/cx18-driver.c:1229 cx18_init_on_first_open() error: NULL dereference inside function
> >> drivers/media/pci/cx18/cx18-driver.c:1230 cx18_init_on_first_open() error: NULL dereference inside function
> >> drivers/media/pci/ivtv/ivtv-driver.c:1313 ivtv_init_on_first_open() error: NULL dereference inside function
> >> drivers/media/pci/ivtv/ivtv-driver.c:1319 ivtv_init_on_first_open() error: NULL dereference inside function
> >>
> >> drivers/media/pci/cx18/cx18-driver.c
> >> 1214 /* Set initial frequency. For PAL/SECAM broadcasts no
> >> 1215 'default' channel exists AFAIK. */
> >> 1216 if (cx->std == V4L2_STD_NTSC_M_JP)
> >> 1217 vf.frequency = 1460; /* ch. 1 91250*16/1000 */
> >> 1218 else if (cx->std & V4L2_STD_NTSC_M)
> >> 1219 vf.frequency = 1076; /* ch. 4 67250*16/1000 */
> >> 1220
> >> 1221 video_input = cx->active_input;
> >> 1222 cx->active_input++; /* Force update of input */
> >> --> 1223 cx18_s_input(NULL, &fh, video_input);
> >> ^^^^
> >> The patch adds a new dereference of "file" but some of the callers pass a
> >> NULL pointer.
> >
> > smart smatch! Indeed the DVB layer calls the ioctl operation handler
> > directly, without a valid file *.
> >
> >>
> >> 1224
> >> 1225 /* Let the VIDIOC_S_STD ioctl do all the work, keeps the code
> >> 1226 in one place. */
> >> 1227 cx->std++; /* Force full standard initialization */
> >> 1228 std = (cx->tuner_std == V4L2_STD_ALL) ? V4L2_STD_NTSC_M : cx->tuner_std;
> >> 1229 cx18_s_std(NULL, &fh, std);
> >> 1230 cx18_s_frequency(NULL, &fh, &vf);
> >
> > And I guess the same reasoning applies to these two.
>
> ivtv does the same (cx18 is closely based on ivtv).

Thanks, I'll address both in a single series

>
> Regards,
>
> Hans
>
> >
> > I'll send a patch right away
> >
> >> 1231 return 0;
> >> 1232 }
> >>
> >> regards,
> >> dan carpenter
> >
>