From: Dan Carpenter <dan.carpenter@linaro.org>
To: Pengpeng Hou <pengpeng@iscas.ac.cn>
Cc: andy@kernel.org, hansg@kernel.org, mchehab@kernel.org,
sakari.ailus@linux.intel.com, gregkh@linuxfoundation.org,
linux-kernel@vger.kernel.org, linux-media@vger.kernel.org,
linux-staging@lists.linux.dev
Subject: Re: [PATCH] media: atomisp: ov2722: flush buffered writes before they overflow
Date: Mon, 23 Mar 2026 16:18:04 +0300 [thread overview]
Message-ID: <acE9jOa5wTvFy3GX@stanley.mountain> (raw)
In-Reply-To: <20260323121730.75257-1-pengpeng@iscas.ac.cn>
On Mon, Mar 23, 2026 at 08:17:30PM +0800, Pengpeng Hou wrote:
> __ov2722_buf_reg_array() appends 8-bit or 16-bit values to the buffered
> register-write payload and only checks whether it should flush after the
> new value has already been written. When ctrl->index points at the last
> byte of the fixed 30-byte data buffer and the next register is 16-bit,
> the helper writes one byte past the end of the local buffer before the
> flush threshold check runs.
>
> Check whether the next value fits before writing it. If not, flush the
> current buffered write first and then append the new value.
>
> Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn>
The patch is wrong and just adds dead code.
The function is called in a loop. The buffer has 30 bytes. We
write either 1 or 2 bytes. When the index reaches 28 at the end
of the function then we write the buffer and reset the ctrl->index to
zero. So the new check for if ctrl->index is larger than 28 or 29
at the start of the function will never trigger.
We never actually write to the last two bytes in the array. So the
original code is off by one in that sense, I suppose? The >= should
be > as you wrote your code. Not a huge deal?
This patch has no information about how the bug was identified or how
the patch tested. If you put a note to say that "This was found
via static analysis" it changes how we review the code. Or a note to
say that "this has not been tested" then that also is good information
for reviewers.
There is also no Fixes tag. Adding a Fixes tag helps you figure out
how the bug was introduced or what the original author may have been
thinking. It's also necessary for the review process and the stable
process.
regards,
dan carpenter
next prev parent reply other threads:[~2026-03-23 13:18 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-23 12:17 [PATCH] media: atomisp: ov2722: flush buffered writes before they overflow Pengpeng Hou
2026-03-23 13:18 ` Dan Carpenter [this message]
2026-03-23 13:43 ` Andy Shevchenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=acE9jOa5wTvFy3GX@stanley.mountain \
--to=dan.carpenter@linaro.org \
--cc=andy@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=hansg@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-staging@lists.linux.dev \
--cc=mchehab@kernel.org \
--cc=pengpeng@iscas.ac.cn \
--cc=sakari.ailus@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox