linux-media.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 1/1] [media] exynos4-is: Fix potential null pointer dereferencing
@ 2013-04-15 12:03 Sachin Kamat
  2013-04-15 15:21 ` Sylwester Nawrocki
  0 siblings, 1 reply; 5+ messages in thread
From: Sachin Kamat @ 2013-04-15 12:03 UTC (permalink / raw)
  To: linux-media; +Cc: s.nawrocki, sachin.kamat, patches

If fimc->drv_data is NULL, then fimc->drv_data->num_entities would
cause NULL pointer dereferencing.
While at it also remove the check for fimc->id being negative as 'id' is
unsigned variable and can't be less than 0.

Signed-off-by: Sachin Kamat <sachin.kamat@linaro.org>
---
 drivers/media/platform/exynos4-is/fimc-core.c |    7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/drivers/media/platform/exynos4-is/fimc-core.c b/drivers/media/platform/exynos4-is/fimc-core.c
index f25807d..d388832 100644
--- a/drivers/media/platform/exynos4-is/fimc-core.c
+++ b/drivers/media/platform/exynos4-is/fimc-core.c
@@ -953,10 +953,9 @@ static int fimc_probe(struct platform_device *pdev)
 		fimc->drv_data = fimc_get_drvdata(pdev);
 		fimc->id = pdev->id;
 	}
-	if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities ||
-	    fimc->id < 0) {
-		dev_err(dev, "Invalid driver data or device id (%d/%d)\n",
-			fimc->id, fimc->drv_data->num_entities);
+	if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities) {
+		dev_err(dev, "Invalid driver data or device id (%d)\n",
+			fimc->id);
 		return -EINVAL;
 	}
 	if (!dev->of_node)
-- 
1.7.9.5


^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH 1/1] [media] exynos4-is: Fix potential null pointer dereferencing
  2013-04-15 12:03 [PATCH 1/1] [media] exynos4-is: Fix potential null pointer dereferencing Sachin Kamat
@ 2013-04-15 15:21 ` Sylwester Nawrocki
  2013-04-16  6:16   ` Sachin Kamat
  0 siblings, 1 reply; 5+ messages in thread
From: Sylwester Nawrocki @ 2013-04-15 15:21 UTC (permalink / raw)
  To: Sachin Kamat; +Cc: linux-media, patches

Hi Sachin,

On 04/15/2013 02:03 PM, Sachin Kamat wrote:
> If fimc->drv_data is NULL, then fimc->drv_data->num_entities would
> cause NULL pointer dereferencing.
> While at it also remove the check for fimc->id being negative as 'id' is
> unsigned variable and can't be less than 0.
> 
> Signed-off-by: Sachin Kamat <sachin.kamat@linaro.org>
> ---
>  drivers/media/platform/exynos4-is/fimc-core.c |    7 +++----
>  1 file changed, 3 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/media/platform/exynos4-is/fimc-core.c b/drivers/media/platform/exynos4-is/fimc-core.c
> index f25807d..d388832 100644
> --- a/drivers/media/platform/exynos4-is/fimc-core.c
> +++ b/drivers/media/platform/exynos4-is/fimc-core.c
> @@ -953,10 +953,9 @@ static int fimc_probe(struct platform_device *pdev)
>  		fimc->drv_data = fimc_get_drvdata(pdev);
>  		fimc->id = pdev->id;
>  	}
> -	if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities ||
> -	    fimc->id < 0) {
> -		dev_err(dev, "Invalid driver data or device id (%d/%d)\n",
> -			fimc->id, fimc->drv_data->num_entities);
> +	if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities) {
> +		dev_err(dev, "Invalid driver data or device id (%d)\n",
> +			fimc->id);
>  		return -EINVAL;

Thanks for the patch. To make it more explicit I would prefer to change
id type to 'int', and to leave the check for negative value. There is
a similar issue in fimc-lite.c that could be addressed in same patch.
Could you also fix this and resend ?

Regards,
Sylwester

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH 1/1] [media] exynos4-is: Fix potential null pointer dereferencing
  2013-04-15 15:21 ` Sylwester Nawrocki
@ 2013-04-16  6:16   ` Sachin Kamat
  2013-04-17 11:03     ` Sylwester Nawrocki
  0 siblings, 1 reply; 5+ messages in thread
From: Sachin Kamat @ 2013-04-16  6:16 UTC (permalink / raw)
  To: Sylwester Nawrocki; +Cc: linux-media, patches

Hi Sylwester,

On 15 April 2013 20:51, Sylwester Nawrocki <s.nawrocki@samsung.com> wrote:

>> -     if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities ||
>> -         fimc->id < 0) {
>> -             dev_err(dev, "Invalid driver data or device id (%d/%d)\n",
>> -                     fimc->id, fimc->drv_data->num_entities);
>> +     if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities) {
>> +             dev_err(dev, "Invalid driver data or device id (%d)\n",
>> +                     fimc->id);
>>               return -EINVAL;
>
> Thanks for the patch. To make it more explicit I would prefer to change
> id type to 'int', and to leave the check for negative value. There is
> a similar issue in fimc-lite.c that could be addressed in same patch.
> Could you also fix this and resend ?

Sure.
I also found a few more things to fix and sent a 5 patch fix series
including the above changes.

-- 
With warm regards,
Sachin

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH 1/1] [media] exynos4-is: Fix potential null pointer dereferencing
  2013-04-16  6:16   ` Sachin Kamat
@ 2013-04-17 11:03     ` Sylwester Nawrocki
  2013-04-17 11:09       ` Sachin Kamat
  0 siblings, 1 reply; 5+ messages in thread
From: Sylwester Nawrocki @ 2013-04-17 11:03 UTC (permalink / raw)
  To: Sachin Kamat; +Cc: linux-media, patches

Hi Sachin,

On 04/16/2013 08:16 AM, Sachin Kamat wrote:
> Hi Sylwester,
> 
> On 15 April 2013 20:51, Sylwester Nawrocki <s.nawrocki@samsung.com> wrote:
> 
>>> -     if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities ||
>>> -         fimc->id < 0) {
>>> -             dev_err(dev, "Invalid driver data or device id (%d/%d)\n",
>>> -                     fimc->id, fimc->drv_data->num_entities);
>>> +     if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities) {
>>> +             dev_err(dev, "Invalid driver data or device id (%d)\n",
>>> +                     fimc->id);
>>>               return -EINVAL;
>>
>> Thanks for the patch. To make it more explicit I would prefer to change
>> id type to 'int', and to leave the check for negative value. There is
>> a similar issue in fimc-lite.c that could be addressed in same patch.
>> Could you also fix this and resend ?
> 
> Sure.
> I also found a few more things to fix and sent a 5 patch fix series
> including the above changes.

Thanks a lot for your review and patches. I'll apply patches 1..2/5 for
3.10-rc, and patch 3/5 for 3.11.

Regarding patch 4/5, as can be seen I didn't test the driver as a module
before pushing upstream, my bad! :( So I had a look at it and found a few
more issues. _Almost_ everything is fine now :-) after I fixed those,
I'm going to post related patch set soon. Your patch 4/5 is not applicable
any more unfortunately.

Regarding patch 5/5, I would prefer to keep that code, if you and others
don't mind. Sorry, I'm a bit tied to it ;) Seriously, I hope to have more
V4L2 controls supported for 3.11, so removing and re-adding that chunks
would be a useless churn IMHO.


Regards,
-- 
Sylwester Nawrocki
Samsung Poland R&D Center

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH 1/1] [media] exynos4-is: Fix potential null pointer dereferencing
  2013-04-17 11:03     ` Sylwester Nawrocki
@ 2013-04-17 11:09       ` Sachin Kamat
  0 siblings, 0 replies; 5+ messages in thread
From: Sachin Kamat @ 2013-04-17 11:09 UTC (permalink / raw)
  To: Sylwester Nawrocki; +Cc: linux-media, patches

Hi Sylwester,

On 17 April 2013 16:33, Sylwester Nawrocki <s.nawrocki@samsung.com> wrote:
> Hi Sachin,
>
> On 04/16/2013 08:16 AM, Sachin Kamat wrote:
>> Hi Sylwester,
>>
>> On 15 April 2013 20:51, Sylwester Nawrocki <s.nawrocki@samsung.com> wrote:
>>
>>>> -     if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities ||
>>>> -         fimc->id < 0) {
>>>> -             dev_err(dev, "Invalid driver data or device id (%d/%d)\n",
>>>> -                     fimc->id, fimc->drv_data->num_entities);
>>>> +     if (!fimc->drv_data || fimc->id >= fimc->drv_data->num_entities) {
>>>> +             dev_err(dev, "Invalid driver data or device id (%d)\n",
>>>> +                     fimc->id);
>>>>               return -EINVAL;
>>>
>>> Thanks for the patch. To make it more explicit I would prefer to change
>>> id type to 'int', and to leave the check for negative value. There is
>>> a similar issue in fimc-lite.c that could be addressed in same patch.
>>> Could you also fix this and resend ?
>>
>> Sure.
>> I also found a few more things to fix and sent a 5 patch fix series
>> including the above changes.
>
> Thanks a lot for your review and patches. I'll apply patches 1..2/5 for
> 3.10-rc, and patch 3/5 for 3.11.

OK. No problem.

>
> Regarding patch 4/5, as can be seen I didn't test the driver as a module
> before pushing upstream, my bad! :( So I had a look at it and found a few
> more issues. _Almost_ everything is fine now :-) after I fixed those,
> I'm going to post related patch set soon. Your patch 4/5 is not applicable
> any more unfortunately.

Not a problem as long as the issue is handled or fixed :).

>
> Regarding patch 5/5, I would prefer to keep that code, if you and others
> don't mind. Sorry, I'm a bit tied to it ;) Seriously, I hope to have more
> V4L2 controls supported for 3.11, so removing and re-adding that chunks
> would be a useless churn IMHO.

Right. That is the reason I kept this patch at the end of the series
so that you may decide as appropriate.

-- 
With warm regards,
Sachin

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2013-04-17 11:09 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-04-15 12:03 [PATCH 1/1] [media] exynos4-is: Fix potential null pointer dereferencing Sachin Kamat
2013-04-15 15:21 ` Sylwester Nawrocki
2013-04-16  6:16   ` Sachin Kamat
2013-04-17 11:03     ` Sylwester Nawrocki
2013-04-17 11:09       ` Sachin Kamat

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).