From patchwork Tue Apr 24 08:24:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Luca Ceresoli X-Patchwork-Id: 10358963 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 91D2C60225 for ; Tue, 24 Apr 2018 08:25:45 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8137728CF7 for ; Tue, 24 Apr 2018 08:25:45 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 760FE28D3F; Tue, 24 Apr 2018 08:25:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00, MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1F67C28CF7 for ; Tue, 24 Apr 2018 08:25:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756643AbeDXIZn (ORCPT ); Tue, 24 Apr 2018 04:25:43 -0400 Received: from srv-hp10-72.netsons.net ([94.141.22.72]:60910 "EHLO srv-hp10-72.netsons.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756552AbeDXIYh (ORCPT ); Tue, 24 Apr 2018 04:24:37 -0400 Received: from [109.168.11.45] (port=48286 helo=pc-ceresoli.dev.aim) by srv-hp10.netsons.net with esmtpa (Exim 4.89_1) (envelope-from ) id 1fAtFY-000Mfg-Nv; Tue, 24 Apr 2018 10:24:32 +0200 From: Luca Ceresoli To: linux-media@vger.kernel.org Cc: Luca Ceresoli , Leon Luo , Mauro Carvalho Chehab , linux-kernel@vger.kernel.org Subject: [PATCH v2 07/13] media: imx274: initialize format before v4l2 controls Date: Tue, 24 Apr 2018 10:24:12 +0200 Message-Id: <1524558258-530-8-git-send-email-luca@lucaceresoli.net> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1524558258-530-1-git-send-email-luca@lucaceresoli.net> References: <1524558258-530-1-git-send-email-luca@lucaceresoli.net> X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - srv-hp10.netsons.net X-AntiAbuse: Original Domain - vger.kernel.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - lucaceresoli.net X-Get-Message-Sender-Via: srv-hp10.netsons.net: authenticated_id: luca+lucaceresoli.net/only user confirmed/virtual account not confirmed X-Authenticated-Sender: srv-hp10.netsons.net: luca@lucaceresoli.net X-Source: X-Source-Args: X-Source-Dir: Sender: linux-media-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The current probe function calls v4l2_ctrl_handler_setup() before initializing the format info. This triggers call paths such as: imx274_probe -> v4l2_ctrl_handler_setup -> imx274_s_ctrl -> imx274_set_exposure, where priv->mode_index is accessed before being assigned. This is wrong but does not trigger a visible bug because priv is zero-initialized and 0 is the default value for priv->mode_index. But this would become a crash in follow-up commits when mode_index is replaced by a pointer that must always be valid. Fix the bug before it shows up by initializing struct members early. Signed-off-by: Luca Ceresoli --- Changed v1 -> v2: - add "media: " prefix to commit message --- drivers/media/i2c/imx274.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/drivers/media/i2c/imx274.c b/drivers/media/i2c/imx274.c index 63fb94e7da37..8a8a11b8d75d 100644 --- a/drivers/media/i2c/imx274.c +++ b/drivers/media/i2c/imx274.c @@ -1632,6 +1632,16 @@ static int imx274_probe(struct i2c_client *client, mutex_init(&imx274->lock); + /* initialize format */ + imx274->mode_index = IMX274_MODE_3840X2160; + imx274->format.width = imx274_formats[0].size.width; + imx274->format.height = imx274_formats[0].size.height; + imx274->format.field = V4L2_FIELD_NONE; + imx274->format.code = MEDIA_BUS_FMT_SRGGB10_1X10; + imx274->format.colorspace = V4L2_COLORSPACE_SRGB; + imx274->frame_interval.numerator = 1; + imx274->frame_interval.denominator = IMX274_DEF_FRAME_RATE; + /* initialize regmap */ imx274->regmap = devm_regmap_init_i2c(client, &imx274_regmap_config); if (IS_ERR(imx274->regmap)) { @@ -1720,16 +1730,6 @@ static int imx274_probe(struct i2c_client *client, goto err_ctrls; } - /* initialize format */ - imx274->mode_index = IMX274_MODE_3840X2160; - imx274->format.width = imx274_formats[0].size.width; - imx274->format.height = imx274_formats[0].size.height; - imx274->format.field = V4L2_FIELD_NONE; - imx274->format.code = MEDIA_BUS_FMT_SRGGB10_1X10; - imx274->format.colorspace = V4L2_COLORSPACE_SRGB; - imx274->frame_interval.numerator = 1; - imx274->frame_interval.denominator = IMX274_DEF_FRAME_RATE; - /* load default control values */ ret = imx274_load_default(imx274); if (ret) {