Re: [PATCH] media: staging: atomisp: fix a potential missing-check bug
From: Wenwen Wang
Date: Tue May 08 2018 - 09:05:42 EST
On Tue, May 8, 2018 at 7:16 AM, Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
> On Wed, May 02, 2018 at 05:38:49PM -0500, Wenwen Wang wrote:
>> At the end of atomisp_subdev_set_selection(), the function
>> atomisp_subdev_get_rect() is invoked to get the pointer to v4l2_rect. Since
>> this function may return a NULL pointer, it is firstly invoked to check
>> the returned pointer. If the returned pointer is not NULL, then the
>> function is invoked again to obtain the pointer and the memory content
>> at the location of the returned pointer is copied to the memory location of
>> r. In most cases, the pointers returned by the two invocations are same.
>> However, given that the pointer returned by the function
>> atomisp_subdev_get_rect() is not a constant, it is possible that the two
>> invocations return two different pointers. For example, another thread may
>> race to modify the related pointers during the two invocations.
> You're assuming a very serious race condition exists.
>> In that
>> case, even if the first returned pointer is not null, the second returned
>> pointer might be null, which will cause issues such as null pointer
> And then complaining that if a really serious bug exists then this very
> minor bug would exist too... If there were really a race condition like
> that then we'd want to fix it instead. In other words, this is not a
> real life bug fix.
> But it would be fine as a readability or static checker fix so that's
Thanks for your response. From the performance perspective, this bug
should also be fixed, as the second invocation is redundant if it is
expected to return a same pointer as the first one.