Skip to content

Commit 03fa71e

Browse files
Abhishek-Tamboli9gregkh
Abhishek-Tamboli9
authored and
gregkh
committed
usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c
commit a7bb96b18864225a694e3887ac2733159489e4b0 upstream. Fix potential dereferencing of ERR_PTR() in find_format_by_pix() and uvc_v4l2_enum_format(). Fix the following smatch errors: drivers/usb/gadget/function/uvc_v4l2.c:124 find_format_by_pix() error: 'fmtdesc' dereferencing possible ERR_PTR() drivers/usb/gadget/function/uvc_v4l2.c:392 uvc_v4l2_enum_format() error: 'fmtdesc' dereferencing possible ERR_PTR() Also, fix similar issue in uvc_v4l2_try_format() for potential dereferencing of ERR_PTR(). Signed-off-by: Abhishek Tamboli <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Jianqi Ren <[email protected]> Signed-off-by: He Zhe <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
1 parent 1a8d68c commit 03fa71e

File tree

1 file changed

+11
-1
lines changed

1 file changed

+11
-1
lines changed

drivers/usb/gadget/function/uvc_v4l2.c

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -121,6 +121,9 @@ static struct uvcg_format *find_format_by_pix(struct uvc_device *uvc,
121121
list_for_each_entry(format, &uvc->header->formats, entry) {
122122
struct uvc_format_desc *fmtdesc = to_uvc_format(format->fmt);
123123

124+
if (IS_ERR(fmtdesc))
125+
continue;
126+
124127
if (fmtdesc->fcc == pixelformat) {
125128
uformat = format->fmt;
126129
break;
@@ -240,6 +243,7 @@ uvc_v4l2_try_format(struct file *file, void *fh, struct v4l2_format *fmt)
240243
struct uvc_video *video = &uvc->video;
241244
struct uvcg_format *uformat;
242245
struct uvcg_frame *uframe;
246+
const struct uvc_format_desc *fmtdesc;
243247
u8 *fcc;
244248

245249
if (fmt->type != video->queue.queue.type)
@@ -265,7 +269,10 @@ uvc_v4l2_try_format(struct file *file, void *fh, struct v4l2_format *fmt)
265269
fmt->fmt.pix.field = V4L2_FIELD_NONE;
266270
fmt->fmt.pix.bytesperline = uvc_v4l2_get_bytesperline(uformat, uframe);
267271
fmt->fmt.pix.sizeimage = uvc_get_frame_size(uformat, uframe);
268-
fmt->fmt.pix.pixelformat = to_uvc_format(uformat)->fcc;
272+
fmtdesc = to_uvc_format(uformat);
273+
if (IS_ERR(fmtdesc))
274+
return PTR_ERR(fmtdesc);
275+
fmt->fmt.pix.pixelformat = fmtdesc->fcc;
269276
fmt->fmt.pix.colorspace = V4L2_COLORSPACE_SRGB;
270277
fmt->fmt.pix.priv = 0;
271278

@@ -378,6 +385,9 @@ uvc_v4l2_enum_format(struct file *file, void *fh, struct v4l2_fmtdesc *f)
378385
f->flags |= V4L2_FMT_FLAG_COMPRESSED;
379386

380387
fmtdesc = to_uvc_format(uformat);
388+
if (IS_ERR(fmtdesc))
389+
return PTR_ERR(fmtdesc);
390+
381391
f->pixelformat = fmtdesc->fcc;
382392

383393
strscpy(f->description, fmtdesc->name, sizeof(f->description));

0 commit comments

Comments
 (0)