Commit 9e2a90d7 authored by Hans de Goede's avatar Hans de Goede Committed by Mauro Carvalho Chehab
Browse files

media: atomisp: Fix me->stages error checking in sh_css_sp_init_pipeline() 



The current error-checking of me->stages in sh_css_sp_init_pipeline()
has some issues / weirdness:

1. It is checked at the top of the function, but only using the atomisp
   custom assert() macro which e.g. smatch does not recognize

2. It is first dereferenced in "first_binary = me->stages->binary", but
   outside of the assert it is checked much later, triggering the following
   smatch warning:

drivers/staging/media/atomisp/pci/sh_css_sp.c:1255 sh_css_sp_init_pipeline()
warn: variable dereferenced before check 'me->stages' (see line 1224)

Drop the custom assert() calls (note 'me' is never NULL) and instead add
a regular check for me->stages not being set.

Reported-by: default avatarHans Verkuil <hverkuil-cisco@xs4all.nl>
Closes: https://lore.kernel.org/linux-media/7c8fc5b4-280e-844e-cdf5-b6ec2a1616aa@xs4all.nl/


Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
Signed-off-by: default avatarHans Verkuil <hverkuil-cisco@xs4all.nl>
parent 7b4846b6

drivers/staging/media/atomisp/pci/sh_css_sp.c

+8 −6
Original line number Diff line number Diff line
@@ -51,6 +51,7 @@ 
#include "ia_css_event.h"

#include "mmu_device.h"

#include "ia_css_spctrl.h"

#include "atomisp_internal.h"



#ifndef offsetof

#define offsetof(T, x) ((unsigned int)&(((T *)0)->x))
@@ -1212,14 +1213,15 @@ sh_css_sp_init_pipeline(struct ia_css_pipeline *me, 
	struct ia_css_binary	     *first_binary = NULL;

	struct ia_css_pipe *pipe = NULL;

	unsigned int num;



	enum ia_css_pipe_id pipe_id = id;

	unsigned int thread_id;

	u8 if_config_index, tmp_if_config_index;



	assert(me);



	assert(me->stages);

	if (!me->stages) {

		dev_err(atomisp_dev, "%s called on a pipeline without stages\n",

			__func__);

		return; /* FIXME should be able to return an error */

	}



	first_binary = me->stages->binary;
@@ -1252,8 +1254,8 @@ sh_css_sp_init_pipeline(struct ia_css_pipeline *me, 
	} /* if (first_binary != NULL) */



	/* Signal the host immediately after start for SP_ISYS_COPY only */

	if ((me->num_stages == 1) && me->stages &&

	    (me->stages->sp_func == IA_CSS_PIPELINE_ISYS_COPY))

	if (me->num_stages == 1 &&

	    me->stages->sp_func == IA_CSS_PIPELINE_ISYS_COPY)

		sh_css_sp_group.config.no_isp_sync = true;



	/* Init stage data */