From: Sylwester Nawrocki <s.nawrocki@samsung.com>
Date: Wed, 5 Dec 2012 16:52:00 +0000 (-0300)
Subject: [media] s5p-fimc: Avoid possible NULL pointer dereference in set_fmt op
X-Git-Tag: firefly_0821_release~3680^2~275^2~321
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=6612545ffb3c14ccb5fa265992cc1b40db3ff463;p=firefly-linux-kernel-4.4.55.git

[media] s5p-fimc: Avoid possible NULL pointer dereference in set_fmt op

This fixes following issue found with a static analysis tool:
Pointer 'ffmt' returned from call to function 'fimc_capture_try_format'
at line 1522 may be NULL and may be dereferenced at line 1535.
Although it shouldn't happen in practice, add the NULL pointer check
to be on the safe side.

Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
---

diff --git a/drivers/media/platform/s5p-fimc/fimc-capture.c b/drivers/media/platform/s5p-fimc/fimc-capture.c
index 95e6a7820b5e..aad0850d0c01 100644
--- a/drivers/media/platform/s5p-fimc/fimc-capture.c
+++ b/drivers/media/platform/s5p-fimc/fimc-capture.c
@@ -1561,6 +1561,10 @@ static int fimc_subdev_set_fmt(struct v4l2_subdev *sd,
 		*mf = fmt->format;
 		return 0;
 	}
+	/* There must be a bug in the driver if this happens */
+	if (WARN_ON(ffmt == NULL))
+		return -EINVAL;
+
 	/* Update RGB Alpha control state and value range */
 	fimc_alpha_ctrl_update(ctx);