Message ID | Yta1eXgbVFGrVuTJ@kili (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | media: uvcvideo: fix a crash in uvc_ctrl_init_ctrl() | expand |
Hi Dan, Thank you for the patch. On Tue, Jul 19, 2022 at 04:45:29PM +0300, Dan Carpenter wrote: > There is a path where "mapping" is NULL when we try to process the > common mappings so it will crash. > > Fixes: 86f7ef773156 ("media: uvcvideo: Add support for per-device control mapping overrides") > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> I've submitted [1] to fix this issue, and [2] to replace all the error-prone loops in this function. [1] https://lore.kernel.org/linux-media/20220718121219.16079-1-laurent.pinchart@ideasonboard.com/ [2] https://lore.kernel.org/linux-media/20220718222757.8203-1-laurent.pinchart@ideasonboard.com/T/#u > --- > This bug was previously reported by the kbuild bot and fixed in later > versions of the patchset. The git log doesn't have a link to > lore.kernel.org but I suspect an earlier version got merged? > > drivers/media/usb/uvc/uvc_ctrl.c | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > > diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c > index e4826a846861..00ea894e79fd 100644 > --- a/drivers/media/usb/uvc/uvc_ctrl.c > +++ b/drivers/media/usb/uvc/uvc_ctrl.c > @@ -2413,9 +2413,9 @@ static void uvc_ctrl_init_ctrl(struct uvc_video_chain *chain, > { > const struct uvc_control_info *info = uvc_ctrls; > const struct uvc_control_info *iend = info + ARRAY_SIZE(uvc_ctrls); > - const struct uvc_control_mapping *mapping = uvc_ctrl_mappings; > - const struct uvc_control_mapping *mend = > - mapping + ARRAY_SIZE(uvc_ctrl_mappings); > + const struct uvc_control_mapping *mapping; > + const struct uvc_control_mapping *mend; > + unsigned int i; > > /* > * XU controls initialization requires querying the device for control > @@ -2453,7 +2453,6 @@ static void uvc_ctrl_init_ctrl(struct uvc_video_chain *chain, > */ > if (chain->dev->info->mappings) { > bool custom = false; > - unsigned int i; > > for (i = 0; (mapping = chain->dev->info->mappings[i]); ++i) { > if (uvc_entity_match_guid(ctrl->entity, mapping->entity) && > @@ -2468,7 +2467,8 @@ static void uvc_ctrl_init_ctrl(struct uvc_video_chain *chain, > } > > /* Process common mappings next. */ > - for (; mapping < mend; ++mapping) { > + for (i = 0; i < ARRAY_SIZE(uvc_ctrl_mappings); i++) { > + mapping = &uvc_ctrl_mappings[i]; > if (uvc_entity_match_guid(ctrl->entity, mapping->entity) && > ctrl->info.selector == mapping->selector) > __uvc_ctrl_add_mapping(chain, ctrl, mapping); > -- > 2.35.1 >
On Wed, Jul 20, 2022 at 01:34:56AM +0300, Laurent Pinchart wrote: > Hi Dan, > > Thank you for the patch. > > On Tue, Jul 19, 2022 at 04:45:29PM +0300, Dan Carpenter wrote: > > There is a path where "mapping" is NULL when we try to process the > > common mappings so it will crash. > > > > Fixes: 86f7ef773156 ("media: uvcvideo: Add support for per-device control mapping overrides") > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > > I've submitted [1] to fix this issue, and [2] to replace all the > error-prone loops in this function. > > [1] https://lore.kernel.org/linux-media/20220718121219.16079-1-laurent.pinchart@ideasonboard.com/ > [2] https://lore.kernel.org/linux-media/20220718222757.8203-1-laurent.pinchart@ideasonboard.com/T/#u > Ah, perfect. Thank you! regards, dan carpenter > > --- > > This bug was previously reported by the kbuild bot and fixed in later > > versions of the patchset. The git log doesn't have a link to > > lore.kernel.org but I suspect an earlier version got merged?
diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c index e4826a846861..00ea894e79fd 100644 --- a/drivers/media/usb/uvc/uvc_ctrl.c +++ b/drivers/media/usb/uvc/uvc_ctrl.c @@ -2413,9 +2413,9 @@ static void uvc_ctrl_init_ctrl(struct uvc_video_chain *chain, { const struct uvc_control_info *info = uvc_ctrls; const struct uvc_control_info *iend = info + ARRAY_SIZE(uvc_ctrls); - const struct uvc_control_mapping *mapping = uvc_ctrl_mappings; - const struct uvc_control_mapping *mend = - mapping + ARRAY_SIZE(uvc_ctrl_mappings); + const struct uvc_control_mapping *mapping; + const struct uvc_control_mapping *mend; + unsigned int i; /* * XU controls initialization requires querying the device for control @@ -2453,7 +2453,6 @@ static void uvc_ctrl_init_ctrl(struct uvc_video_chain *chain, */ if (chain->dev->info->mappings) { bool custom = false; - unsigned int i; for (i = 0; (mapping = chain->dev->info->mappings[i]); ++i) { if (uvc_entity_match_guid(ctrl->entity, mapping->entity) && @@ -2468,7 +2467,8 @@ static void uvc_ctrl_init_ctrl(struct uvc_video_chain *chain, } /* Process common mappings next. */ - for (; mapping < mend; ++mapping) { + for (i = 0; i < ARRAY_SIZE(uvc_ctrl_mappings); i++) { + mapping = &uvc_ctrl_mappings[i]; if (uvc_entity_match_guid(ctrl->entity, mapping->entity) && ctrl->info.selector == mapping->selector) __uvc_ctrl_add_mapping(chain, ctrl, mapping);
There is a path where "mapping" is NULL when we try to process the common mappings so it will crash. Fixes: 86f7ef773156 ("media: uvcvideo: Add support for per-device control mapping overrides") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> --- This bug was previously reported by the kbuild bot and fixed in later versions of the patchset. The git log doesn't have a link to lore.kernel.org but I suspect an earlier version got merged? drivers/media/usb/uvc/uvc_ctrl.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)