* [bug report] media: cx18: Access v4l2_fh from file
From: Dan Carpenter @ 2025-08-18 9:54 UTC
To: Jacopo Mondi; +Cc: linux-media

Hello Jacopo Mondi,

Commit 7b9eb53e8591 ("media: cx18: Access v4l2_fh from file") from
Aug 10, 2025 (linux-next), leads to the following Smatch static
checker warning:

drivers/media/pci/cx18/cx18-driver.c:1223 cx18_init_on_first_open() error: NULL dereference inside function
drivers/media/pci/cx18/cx18-driver.c:1229 cx18_init_on_first_open() error: NULL dereference inside function
drivers/media/pci/cx18/cx18-driver.c:1230 cx18_init_on_first_open() error: NULL dereference inside function
drivers/media/pci/ivtv/ivtv-driver.c:1313 ivtv_init_on_first_open() error: NULL dereference inside function
drivers/media/pci/ivtv/ivtv-driver.c:1319 ivtv_init_on_first_open() error: NULL dereference inside function

drivers/media/pci/cx18/cx18-driver.c
    1214          /* Set initial frequency. For PAL/SECAM broadcasts no
    1215             'default' channel exists AFAIK. */
    1216          if (cx->std == V4L2_STD_NTSC_M_JP)
    1217                  vf.frequency = 1460;    /* ch. 1 91250*16/1000 */
    1218          else if (cx->std & V4L2_STD_NTSC_M)
    1219                  vf.frequency = 1076;    /* ch. 4 67250*16/1000 */
    1220
    1221          video_input = cx->active_input;
    1222          cx->active_input++;     /* Force update of input */
--> 1223          cx18_s_input(NULL, &fh, video_input);
                               ^^^^
The patch adds a new dereference of "file" but some of the callers pass a
NULL pointer.

    1224
    1225          /* Let the VIDIOC_S_STD ioctl do all the work, keeps the code
    1226             in one place. */
    1227          cx->std++;              /* Force full standard initialization */
    1228          std = (cx->tuner_std == V4L2_STD_ALL) ? V4L2_STD_NTSC_M : cx->tuner_std;
    1229          cx18_s_std(NULL, &fh, std);
    1230          cx18_s_frequency(NULL, &fh, &vf);
    1231          return 0;
    1232  }

regards,
dan carpenter

* Re: [bug report] media: cx18: Access v4l2_fh from file
From: Jacopo Mondi @ 2025-08-18 11:17 UTC
To: Dan Carpenter; +Cc: Jacopo Mondi, linux-media, Laurent Pinchart, Hans Verkuil

Hi Dan

On Mon, Aug 18, 2025 at 12:54:00PM +0300, Dan Carpenter wrote:
> Hello Jacopo Mondi,
>
> Commit 7b9eb53e8591 ("media: cx18: Access v4l2_fh from file") from
> Aug 10, 2025 (linux-next), leads to the following Smatch static
> checker warning:
>
> drivers/media/pci/cx18/cx18-driver.c:1223 cx18_init_on_first_open() error: NULL dereference inside function
> drivers/media/pci/cx18/cx18-driver.c:1229 cx18_init_on_first_open() error: NULL dereference inside function
> drivers/media/pci/cx18/cx18-driver.c:1230 cx18_init_on_first_open() error: NULL dereference inside function
> drivers/media/pci/ivtv/ivtv-driver.c:1313 ivtv_init_on_first_open() error: NULL dereference inside function
> drivers/media/pci/ivtv/ivtv-driver.c:1319 ivtv_init_on_first_open() error: NULL dereference inside function
>
> drivers/media/pci/cx18/cx18-driver.c
>     1214          /* Set initial frequency. For PAL/SECAM broadcasts no
>     1215             'default' channel exists AFAIK. */
>     1216          if (cx->std == V4L2_STD_NTSC_M_JP)
>     1217                  vf.frequency = 1460;    /* ch. 1 91250*16/1000 */
>     1218          else if (cx->std & V4L2_STD_NTSC_M)
>     1219                  vf.frequency = 1076;    /* ch. 4 67250*16/1000 */
>     1220
>     1221          video_input = cx->active_input;
>     1222          cx->active_input++;     /* Force update of input */
> --> 1223          cx18_s_input(NULL, &fh, video_input);
>                                ^^^^
> The patch adds a new dereference of "file" but some of the callers pass a
> NULL pointer.

smart smatch! Indeed the DVB layer calls the ioctl operation handler
directly, without a valid file *.

>
>     1224
>     1225          /* Let the VIDIOC_S_STD ioctl do all the work, keeps the code
>     1226             in one place. */
>     1227          cx->std++;              /* Force full standard initialization */
>     1228          std = (cx->tuner_std == V4L2_STD_ALL) ? V4L2_STD_NTSC_M : cx->tuner_std;
>     1229          cx18_s_std(NULL, &fh, std);
>     1230          cx18_s_frequency(NULL, &fh, &vf);

And I guess the same reasoning applies to these two.

I'll send a patch right away

>     1231          return 0;
>     1232  }
>
> regards,
> dan carpenter

* Re: [bug report] media: cx18: Access v4l2_fh from file
From: Hans Verkuil @ 2025-08-18 11:29 UTC
To: Jacopo Mondi, Dan Carpenter; +Cc: linux-media, Laurent Pinchart, Hans Verkuil

On 18/08/2025 13:17, Jacopo Mondi wrote:
> Hi Dan
>
> On Mon, Aug 18, 2025 at 12:54:00PM +0300, Dan Carpenter wrote:
>> Hello Jacopo Mondi,
>>
>> Commit 7b9eb53e8591 ("media: cx18: Access v4l2_fh from file") from
>> Aug 10, 2025 (linux-next), leads to the following Smatch static
>> checker warning:
>>
>> drivers/media/pci/cx18/cx18-driver.c:1223 cx18_init_on_first_open() error: NULL dereference inside function
>> drivers/media/pci/cx18/cx18-driver.c:1229 cx18_init_on_first_open() error: NULL dereference inside function
>> drivers/media/pci/cx18/cx18-driver.c:1230 cx18_init_on_first_open() error: NULL dereference inside function
>> drivers/media/pci/ivtv/ivtv-driver.c:1313 ivtv_init_on_first_open() error: NULL dereference inside function
>> drivers/media/pci/ivtv/ivtv-driver.c:1319 ivtv_init_on_first_open() error: NULL dereference inside function
>>
>> drivers/media/pci/cx18/cx18-driver.c
>>     1214          /* Set initial frequency. For PAL/SECAM broadcasts no
>>     1215             'default' channel exists AFAIK. */
>>     1216          if (cx->std == V4L2_STD_NTSC_M_JP)
>>     1217                  vf.frequency = 1460;    /* ch. 1 91250*16/1000 */
>>     1218          else if (cx->std & V4L2_STD_NTSC_M)
>>     1219                  vf.frequency = 1076;    /* ch. 4 67250*16/1000 */
>>     1220
>>     1221          video_input = cx->active_input;
>>     1222          cx->active_input++;     /* Force update of input */
>> --> 1223          cx18_s_input(NULL, &fh, video_input);
>>                                ^^^^
>> The patch adds a new dereference of "file" but some of the callers pass a
>> NULL pointer.
>
> smart smatch! Indeed the DVB layer calls the ioctl operation handler
> directly, without a valid file *.
>
>>
>>     1224
>>     1225          /* Let the VIDIOC_S_STD ioctl do all the work, keeps the code
>>     1226             in one place. */
>>     1227          cx->std++;              /* Force full standard initialization */
>>     1228          std = (cx->tuner_std == V4L2_STD_ALL) ? V4L2_STD_NTSC_M : cx->tuner_std;
>>     1229          cx18_s_std(NULL, &fh, std);
>>     1230          cx18_s_frequency(NULL, &fh, &vf);
>
> And I guess the same reasoning applies to these two.

ivtv does the same (cx18 is closely based on ivtv).

Regards,

	Hans

>
> I'll send a patch right away
>
>>     1231          return 0;
>>     1232  }
>>
>> regards,
>> dan carpenter
>

* Re: [bug report] media: cx18: Access v4l2_fh from file
From: Jacopo Mondi @ 2025-08-18 11:37 UTC
To: Hans Verkuil
Cc: Jacopo Mondi, Dan Carpenter, linux-media, Laurent Pinchart, Hans Verkuil

Hi Hans,

On Mon, Aug 18, 2025 at 01:29:23PM +0200, Hans Verkuil wrote:
> On 18/08/2025 13:17, Jacopo Mondi wrote:
> > Hi Dan
> >
> > On Mon, Aug 18, 2025 at 12:54:00PM +0300, Dan Carpenter wrote:
> >> Hello Jacopo Mondi,
> >>
> >> Commit 7b9eb53e8591 ("media: cx18: Access v4l2_fh from file") from
> >> Aug 10, 2025 (linux-next), leads to the following Smatch static
> >> checker warning:
> >>
> >> drivers/media/pci/cx18/cx18-driver.c:1223 cx18_init_on_first_open() error: NULL dereference inside function
> >> drivers/media/pci/cx18/cx18-driver.c:1229 cx18_init_on_first_open() error: NULL dereference inside function
> >> drivers/media/pci/cx18/cx18-driver.c:1230 cx18_init_on_first_open() error: NULL dereference inside function
> >> drivers/media/pci/ivtv/ivtv-driver.c:1313 ivtv_init_on_first_open() error: NULL dereference inside function
> >> drivers/media/pci/ivtv/ivtv-driver.c:1319 ivtv_init_on_first_open() error: NULL dereference inside function
> >>
> >> drivers/media/pci/cx18/cx18-driver.c
> >>     1214          /* Set initial frequency. For PAL/SECAM broadcasts no
> >>     1215             'default' channel exists AFAIK. */
> >>     1216          if (cx->std == V4L2_STD_NTSC_M_JP)
> >>     1217                  vf.frequency = 1460;    /* ch. 1 91250*16/1000 */
> >>     1218          else if (cx->std & V4L2_STD_NTSC_M)
> >>     1219                  vf.frequency = 1076;    /* ch. 4 67250*16/1000 */
> >>     1220
> >>     1221          video_input = cx->active_input;
> >>     1222          cx->active_input++;     /* Force update of input */
> >> --> 1223          cx18_s_input(NULL, &fh, video_input);
> >>                                ^^^^
> >> The patch adds a new dereference of "file" but some of the callers pass a
> >> NULL pointer.
> >
> > smart smatch! Indeed the DVB layer calls the ioctl operation handler
> > directly, without a valid file *.
> >
> >>
> >>     1224
> >>     1225          /* Let the VIDIOC_S_STD ioctl do all the work, keeps the code
> >>     1226             in one place. */
> >>     1227          cx->std++;              /* Force full standard initialization */
> >>     1228          std = (cx->tuner_std == V4L2_STD_ALL) ? V4L2_STD_NTSC_M : cx->tuner_std;
> >>     1229          cx18_s_std(NULL, &fh, std);
> >>     1230          cx18_s_frequency(NULL, &fh, &vf);
> >
> > And I guess the same reasoning applies to these two.
>
> ivtv does the same (cx18 is closely based on ivtv).

Thanks, I'll address both in a single series

>
> Regards,
>
> 	Hans
>
> >
> > I'll send a patch right away
> >
> >>     1231          return 0;
> >>     1232  }
> >>
> >> regards,
> >> dan carpenter
> >
>
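
The failure mode discussed in this thread, as an added user-space model that is not code from the thread or from the cx18/ivtv drivers: the only function that dereferences "file" is the ioctl entry point, and the internal first-open path calls a file-independent helper instead of passing NULL. All type and function names are hypothetical, and splitting out such a helper is one possible restructuring, not necessarily the patch that was sent.

```c
#include <errno.h>

/* Constructed user-space stand-ins; every name here is hypothetical. */
struct dev_model { int active_input; int nof_inputs; int hw_updates; };
struct fh_model { struct dev_model *dev; };
struct file_model { void *private_data; };	/* points at a struct fh_model */

/* Core operation: takes the device directly, so it needs no file. */
static int do_s_input(struct dev_model *dev, unsigned int inp)
{
	if (inp >= (unsigned int)dev->nof_inputs)
		return -EINVAL;
	if ((int)inp == dev->active_input)
		return 0;		/* unchanged: nothing to program */
	dev->active_input = (int)inp;
	dev->hw_updates++;		/* stands in for reprogramming the hardware */
	return 0;
}

/* ioctl entry point: the only place that dereferences "file". It is meant to
 * be reached through the ioctl path only, where a valid file is supplied. */
static int ioctl_s_input(struct file_model *file, void *fh, unsigned int inp)
{
	struct fh_model *id = file->private_data;

	(void)fh;
	return do_s_input(id->dev, inp);
}

/* Internal first-open initialisation. Calling ioctl_s_input(NULL, ...) here
 * is the flagged pattern; going through the core helper avoids it. */
static int init_on_first_open(struct dev_model *dev)
{
	int video_input = dev->active_input;

	dev->active_input++;		/* force update of input, as in the excerpt */
	return do_s_input(dev, (unsigned int)video_input);
}

int main(void)
{
	struct dev_model dev = { .active_input = 1, .nof_inputs = 3 };
	struct fh_model id = { .dev = &dev };
	struct file_model file = { .private_data = &id };

	if (init_on_first_open(&dev) || dev.hw_updates != 1)
		return 1;
	return ioctl_s_input(&file, &id, 2);
}
```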