Re: [PATCH] media: omap3isp: handle NULL return of omap3isp_video_format_info() in ccdc_is_shiftable().

From: Sakari Ailus
Date: Tue Jun 27 2017 - 01:58:55 EST


Hi Nikolaus,

On Tue, Jun 27, 2017 at 07:46:51AM +0200, H. Nikolaus Schaller wrote:
> Hi,
>
> > On 26.06.2017 at 22:12, Sakari Ailus <sakari.ailus@xxxxxx> wrote:
> >
> > Hi Nikolaus,
> >
> > On Mon, Jun 26, 2017 at 07:54:19PM +0200, H. Nikolaus Schaller wrote:
> >> If a camera module driver specifies a format that is not
> >> supported by omap3isp this ends in a NULL pointer
> >> dereference instead of a simple fail.
> >
> > Has this happened in practice?
>
> Yes. I wouldn't have noticed it otherwise.
>
> It happens with a new ov965x driver just submitted for review.
> It seems to provide some format that the omap3isp does not understand.
>
> I can send you a console stack log if needed.

No need to. I think indeed what was missed is that the code may come from
elsewhere than the omap3isp driver pads themselves where it already has been
validated. Adding a comment saying that wouldn't hurt IMO.

I think the following change should probably be made as well. Feel free to
merge to the same patch.

diff --git a/drivers/media/platform/omap3isp/ispccdc.c b/drivers/media/platform/omap3isp/ispccdc.c
index 7207558..71de993 100644
--- a/drivers/media/platform/omap3isp/ispccdc.c
+++ b/drivers/media/platform/omap3isp/ispccdc.c
@@ -1160,7 +1160,8 @@ static void ccdc_configure(struct isp_ccdc_device *ccdc)
fmt_src.which = V4L2_SUBDEV_FORMAT_ACTIVE;
if (!v4l2_subdev_call(sensor, pad, get_fmt, NULL, &fmt_src)) {
fmt_info = omap3isp_video_format_info(fmt_src.format.code);
- depth_in = fmt_info->width;
+ if (fmt_info)
+ depth_in = fmt_info->width;
}

fmt_info = omap3isp_video_format_info(format->code);
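
Review bot: with the new `if (fmt_info)` guard in ccdc_configure(), an unrecognised sensor code now skips the assignment silently, so `depth_in` keeps whatever value it had before this block. Its initialisation is outside the visible context, so please confirm it has a defined default that is safe for the rest of the function. A short comment here saying that `fmt_src.format.code` comes from the sensor subdev and has not been validated by omap3isp would explain the check. The second lookup in the trailing context, `fmt_info = omap3isp_video_format_info(format->code);`, returns a pointer from the same function; if that code is guaranteed valid because it comes from the driver's own pad, a comment saying so would help, otherwise it needs the same NULL check before it is dereferenced.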

>
> > If it does, it is probably a driver bug ---
> > the formats on its pads should be recognised by the driver.
>
> >
> > WARN_ON() around the condition would be good to avoid silently ignoring such
> > issues.
> >
> > I wonder what Laurent thinks.
> >
> >>
> >> Signed-off-by: H. Nikolaus Schaller <hns@xxxxxxxxxxxxx>
> >> ---
> >> drivers/media/platform/omap3isp/ispccdc.c | 3 +++
> >> 1 file changed, 3 insertions(+)
> >>
> >> diff --git a/drivers/media/platform/omap3isp/ispccdc.c b/drivers/media/platform/omap3isp/ispccdc.c
> >> index 2fb755f20a6b..dcf16ee7c612 100644
> >> --- a/drivers/media/platform/omap3isp/ispccdc.c
> >> +++ b/drivers/media/platform/omap3isp/ispccdc.c
> >> @@ -2397,6 +2397,9 @@ static bool ccdc_is_shiftable(u32 in, u32 out, unsigned int additional_shift)
> >> in_info = omap3isp_video_format_info(in);
> >> out_info = omap3isp_video_format_info(out);
> >>
> >> + if (!in_info || !out_info)
> >> + return false;
> >> +
> >> if ((in_info->flavor == 0) || (out_info->flavor == 0))
> >> return false;
> >>
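
Review bot: the added `if (!in_info || !out_info) return false;` in ccdc_is_shiftable() has no comment explaining when omap3isp_video_format_info() can return NULL here. As raised in this thread, the media bus code may come from a pad outside the omap3isp driver, where it has not been validated; one line above the check stating that would keep the test from looking like dead code later. The rejection is also silent: the caller only sees `false`, the same result as the `flavor == 0` test just below, so an unsupported sensor format is indistinguishable from a non-shiftable one. If that distinction matters for debugging, a diagnostic at this point (the thread suggests WARN_ON()) would make the cause visible.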

--
Regards,

Sakari Ailus
e-mail: sakari.ailus@xxxxxx XMPP: sailus@xxxxxxxxxxxxxx