Commit abd77889 authored Jan 24, 2022 by Zhou Qingyang Committed by Mauro Carvalho Chehab Feb 17, 2022

media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats()



In cal_ctx_v4l2_init_formats(), devm_kzalloc() is assigned to
ctx->active_fmt and there is a dereference of it after that, which could
lead to NULL pointer dereference on failure of devm_kzalloc().

Fix this bug by adding a NULL check of ctx->active_fmt.

This bug was found by a static analyzer.

Builds with 'make allyesconfig' show no new warnings, and our static
analyzer no longer warns about this code.

Fixes: 71681550 ("media: ti-vpe: cal: Move format handling to cal.c and expose helpers")
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Reviewed-by: Pratyush Yadav <p.yadav@ti.com>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>

parent cc74074a

drivers/media/platform/ti-vpe/cal-video.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -823,6 +823,9 @@ static int cal_ctx_v4l2_init_formats(struct cal_ctx *ctx)
		/* Enumerate sub device formats and enable all matching local formats */
		ctx->active_fmt = devm_kcalloc(ctx->cal->dev, cal_num_formats,
		sizeof(*ctx->active_fmt), GFP_KERNEL);
		if (!ctx->active_fmt)
		return -ENOMEM;

		ctx->num_active_fmt = 0;

		for (j = 0, i = 0; ; ++j) {