| Message ID | 20230529152136.11719-1-dzm91@hust.edu.cn (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | media: atomisp: move the sanity checks before variable dereferences | expand |
Hi, On 5/29/23 17:21, Dongliang Mu wrote: > Smatch reports: > > sh_css_load_firmware() warn: variable dereferenced before check 'fw_data' > > The variable fw_data can be NULL in sh_css_load_firmware, resulting in > NULL pointer dereference. > > Fix this by moving the sanity checks before variable dereferences. > > Signed-off-by: Dongliang Mu <dzm91@hust.edu.cn> Thank you for your patch, but the same patch has already been submitted and merged into my media-atomisp branch about a week ago: https://git.kernel.org/pub/scm/linux/kernel/git/hansg/linux.git/commit/?h=media-atomisp&id=c09907049eea9f12e959fb88c02a483a4c5eee89 > --- > drivers/staging/media/atomisp/pci/sh_css_firmware.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/drivers/staging/media/atomisp/pci/sh_css_firmware.c b/drivers/staging/media/atomisp/pci/sh_css_firmware.c > index e7ef578db8ab..38b757c3df0a 100644 > --- a/drivers/staging/media/atomisp/pci/sh_css_firmware.c > +++ b/drivers/staging/media/atomisp/pci/sh_css_firmware.c > @@ -229,6 +229,10 @@ sh_css_load_firmware(struct device *dev, const char *fw_data, > struct sh_css_fw_bi_file_h *file_header; > int ret; > > + /* some sanity checks */ > + if (!fw_data || fw_size < sizeof(struct sh_css_fw_bi_file_h)) > + return -EINVAL; > + > firmware_header = (struct firmware_header *)fw_data; > file_header = &firmware_header->file_header; > binaries = &firmware_header->binary_header; > @@ -243,10 +247,6 @@ sh_css_load_firmware(struct device *dev, const char *fw_data, > IA_CSS_LOG("successfully load firmware version %s", release_version); > } > > - /* some sanity checks */ > - if (!fw_data || fw_size < sizeof(struct sh_css_fw_bi_file_h)) > - return -EINVAL; > - > if (file_header->h_size != sizeof(struct sh_css_fw_bi_file_h)) > return -EINVAL; >
On 5/29/23 23:46, Hans de Goede wrote: > Hi, > > On 5/29/23 17:21, Dongliang Mu wrote: >> Smatch reports: >> >> sh_css_load_firmware() warn: variable dereferenced before check 'fw_data' >> >> The variable fw_data can be NULL in sh_css_load_firmware, resulting in >> NULL pointer dereference. >> >> Fix this by moving the sanity checks before variable dereferences. >> >> Signed-off-by: Dongliang Mu <dzm91@hust.edu.cn> > > Thank you for your patch, but the same patch has already been submitted > and merged into my media-atomisp branch about a week ago: > > https://git.kernel.org/pub/scm/linux/kernel/git/hansg/linux.git/commit/?h=media-atomisp&id=c09907049eea9f12e959fb88c02a483a4c5eee89 I see. Thanks for your reply. > >> --- >> drivers/staging/media/atomisp/pci/sh_css_firmware.c | 8 ++++---- >> 1 file changed, 4 insertions(+), 4 deletions(-) >> >> diff --git a/drivers/staging/media/atomisp/pci/sh_css_firmware.c b/drivers/staging/media/atomisp/pci/sh_css_firmware.c >> index e7ef578db8ab..38b757c3df0a 100644 >> --- a/drivers/staging/media/atomisp/pci/sh_css_firmware.c >> +++ b/drivers/staging/media/atomisp/pci/sh_css_firmware.c >> @@ -229,6 +229,10 @@ sh_css_load_firmware(struct device *dev, const char *fw_data, >> struct sh_css_fw_bi_file_h *file_header; >> int ret; >> >> + /* some sanity checks */ >> + if (!fw_data || fw_size < sizeof(struct sh_css_fw_bi_file_h)) >> + return -EINVAL; >> + >> firmware_header = (struct firmware_header *)fw_data; >> file_header = &firmware_header->file_header; >> binaries = &firmware_header->binary_header; >> @@ -243,10 +247,6 @@ sh_css_load_firmware(struct device *dev, const char *fw_data, >> IA_CSS_LOG("successfully load firmware version %s", release_version); >> } >> >> - /* some sanity checks */ >> - if (!fw_data || fw_size < sizeof(struct sh_css_fw_bi_file_h)) >> - return -EINVAL; >> - >> if (file_header->h_size != sizeof(struct sh_css_fw_bi_file_h)) >> return -EINVAL; >>
diff --git a/drivers/staging/media/atomisp/pci/sh_css_firmware.c b/drivers/staging/media/atomisp/pci/sh_css_firmware.c index e7ef578db8ab..38b757c3df0a 100644 --- a/drivers/staging/media/atomisp/pci/sh_css_firmware.c +++ b/drivers/staging/media/atomisp/pci/sh_css_firmware.c @@ -229,6 +229,10 @@ sh_css_load_firmware(struct device *dev, const char *fw_data, struct sh_css_fw_bi_file_h *file_header; int ret; + /* some sanity checks */ + if (!fw_data || fw_size < sizeof(struct sh_css_fw_bi_file_h)) + return -EINVAL; + firmware_header = (struct firmware_header *)fw_data; file_header = &firmware_header->file_header; binaries = &firmware_header->binary_header; @@ -243,10 +247,6 @@ sh_css_load_firmware(struct device *dev, const char *fw_data, IA_CSS_LOG("successfully load firmware version %s", release_version); } - /* some sanity checks */ - if (!fw_data || fw_size < sizeof(struct sh_css_fw_bi_file_h)) - return -EINVAL; - if (file_header->h_size != sizeof(struct sh_css_fw_bi_file_h)) return -EINVAL;
Smatch reports: sh_css_load_firmware() warn: variable dereferenced before check 'fw_data' The variable fw_data can be NULL in sh_css_load_firmware, resulting in NULL pointer dereference. Fix this by moving the sanity checks before variable dereferences. Signed-off-by: Dongliang Mu <dzm91@hust.edu.cn> --- drivers/staging/media/atomisp/pci/sh_css_firmware.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)