
media: mediatek: vcodec: Coverity issues in encoder driver

CERT-C Characters and Strings:
check core id is in valid range:
dev->reg_base[dev->venc_pdata->core_id] evaluates to an address
that could be at negative offset of an array.

CERT-C Expression:
check buf is not NULL before used:
Dereferencing buf, which is known to be NULL.

Signed-off-by: Irui Wang <irui.wang@mediatek.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>

authored by

Irui Wang and committed by
Mauro Carvalho Chehab
bb02a201 8fbcf730

+13 -5
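--- a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c
+++ b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c
@@ -943,7 +943,7 @@
 * FIXME: This check is not needed as only active buffers
 * can be marked as done.
 */
-if (buf->state == VB2_BUF_STATE_ACTIVE) {
+if (buf && buf->state == VB2_BUF_STATE_ACTIVE) {
 mtk_v4l2_debug(0, "[%d] id=%d, type=%d, %d -> VB2_BUF_STATE_QUEUED",
 ctx->id, i, q->type,
 (int)buf->state);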
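Review bot: The added `buf &&` guard skips a NULL entry silently, and the FIXME comment directly above it still describes only the state test, so a reader cannot tell when `buf` is expected to be NULL at this point. If a NULL slot is legitimate here, a line such as `/* buf may be NULL when the slot holds no buffer */` next to the condition would record that; if it is not expected, a one-time warning on `!buf` would surface the inconsistency instead of hiding it. Where `buf` is assigned lies outside the hunk, so which of the two applies cannot be confirmed from these lines.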
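--- a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc_drv.c
+++ b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc_drv.c
@@ -89,16 +89,24 @@
 struct mtk_vcodec_ctx *ctx;
 unsigned long flags;
 void __iomem *addr;
+int core_id;
 
 spin_lock_irqsave(&dev->irqlock, flags);
 ctx = dev->curr_ctx;
 spin_unlock_irqrestore(&dev->irqlock, flags);
 
-mtk_v4l2_debug(1, "id=%d coreid:%d", ctx->id, dev->venc_pdata->core_id);
-addr = dev->reg_base[dev->venc_pdata->core_id] +
-MTK_VENC_IRQ_ACK_OFFSET;
+core_id = dev->venc_pdata->core_id;
+if (core_id < 0 || core_id >= NUM_MAX_VCODEC_REG_BASE) {
+mtk_v4l2_err("Invalid core id: %d, ctx id: %d",
+core_id, ctx->id);
+return IRQ_HANDLED;
+}
 
-ctx->irq_status = readl(dev->reg_base[dev->venc_pdata->core_id] +
+mtk_v4l2_debug(1, "id: %d, core id: %d", ctx->id, core_id);
+
+addr = dev->reg_base[core_id] + MTK_VENC_IRQ_ACK_OFFSET;
+
+ctx->irq_status = readl(dev->reg_base[core_id] +
 (MTK_VENC_IRQ_STATUS_OFFSET));
 
 clean_irq_status(ctx->irq_status, addr);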
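Review bot: The new early `return IRQ_HANDLED;` exits before the status register is read and before `clean_irq_status()` runs, so on the invalid-core-id path the interrupt is reported as handled but never acknowledged. If the line is level-triggered (not visible here), it would presumably re-fire and print `Invalid core id` on every entry, since `mtk_v4l2_err` appears to be unthrottled. Because `core_id` is read from `dev->venc_pdata`, which looks like fixed platform data, the range check would be better placed once where that data is bound at probe time, failing the probe with `-EINVAL`, so that the handler can index `dev->reg_base[]` without a failure path. Separately, `ctx` is copied from `dev->curr_ctx` and dereferenced as `ctx->id` in both log calls without a NULL test, which is worth confirming against the code that clears `curr_ctx`. The handler's body starts and ends outside the hunk.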