| Message ID | 20230209092502.34300-1-jiasheng@iscas.ac.cn (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v3] media: platform: mtk-mdp3: Add missing check and free for ida_alloc | expand |
Il 09/02/23 10:25, Jiasheng Jiang ha scritto: > Add the check for the return value of the ida_alloc in order to avoid > NULL pointer dereference. > Moreover, free allocated "ctx->id" if mdp_m2m_open fails later in order > to avoid memory leak. > > Fixes: 61890ccaefaf ("media: platform: mtk-mdp3: add MediaTek MDP3 driver") > Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> > --- > Changelog: > > v2 -> v3: > > 1. Fix the goto label. > > v1 -> v2: > > 1. Fix the check for the ida_alloc. > --- > drivers/media/platform/mediatek/mdp3/mtk-mdp3-m2m.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/drivers/media/platform/mediatek/mdp3/mtk-mdp3-m2m.c b/drivers/media/platform/mediatek/mdp3/mtk-mdp3-m2m.c > index 5f74ea3b7a52..a2d204e90aa4 100644 > --- a/drivers/media/platform/mediatek/mdp3/mtk-mdp3-m2m.c > +++ b/drivers/media/platform/mediatek/mdp3/mtk-mdp3-m2m.c > @@ -567,6 +567,11 @@ static int mdp_m2m_open(struct file *file) > } > > ctx->id = ida_alloc(&mdp->mdp_ida, GFP_KERNEL); > + if (ctx->id < 0) { There's one main not-so-minor issue here: ctx->id is u32. Unsigned types cannot evaluate less than zero: they're .. unsigned! There's your fix: ret = ida_alloc ... if (ret) .... ctx->id = ret; Enjoy. Regards, Angelo
diff --git a/drivers/media/platform/mediatek/mdp3/mtk-mdp3-m2m.c b/drivers/media/platform/mediatek/mdp3/mtk-mdp3-m2m.c index 5f74ea3b7a52..a2d204e90aa4 100644 --- a/drivers/media/platform/mediatek/mdp3/mtk-mdp3-m2m.c +++ b/drivers/media/platform/mediatek/mdp3/mtk-mdp3-m2m.c @@ -567,6 +567,11 @@ static int mdp_m2m_open(struct file *file) } ctx->id = ida_alloc(&mdp->mdp_ida, GFP_KERNEL); + if (ctx->id < 0) { + ret = ctx->id; + goto err_unlock_mutex; + } + ctx->mdp_dev = mdp; v4l2_fh_init(&ctx->fh, vdev); @@ -617,6 +622,8 @@ static int mdp_m2m_open(struct file *file) v4l2_fh_del(&ctx->fh); err_exit_fh: v4l2_fh_exit(&ctx->fh); + ida_free(&mdp->mdp_ida, ctx->id); +err_unlock_mutex: mutex_unlock(&mdp->m2m_lock); err_free_ctx: kfree(ctx);
Add the check for the return value of the ida_alloc in order to avoid NULL pointer dereference. Moreover, free allocated "ctx->id" if mdp_m2m_open fails later in order to avoid memory leak. Fixes: 61890ccaefaf ("media: platform: mtk-mdp3: add MediaTek MDP3 driver") Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> --- Changelog: v2 -> v3: 1. Fix the goto label. v1 -> v2: 1. Fix the check for the ida_alloc. --- drivers/media/platform/mediatek/mdp3/mtk-mdp3-m2m.c | 7 +++++++ 1 file changed, 7 insertions(+)