[PATCH v7 3/3] media: v4l2-subdev: Verify v4l2_subdev_call() pad config argument

From: Janusz Krzysztofik
Date: Mon May 20 2019 - 17:30:43 EST


Extend the parameter checks performed by v4l2_subdev_call() with a check for
a non-NULL pad config pointer when the V4L2_SUBDEV_FORMAT_TRY format type is
requested, so that drivers do not need to perform this check themselves.

Signed-off-by: Janusz Krzysztofik <jmkrzyszt@xxxxxxxxx>
---
drivers/media/v4l2-core/v4l2-subdev.c | 27 +++++++++++++++++++++------
1 file changed, 21 insertions(+), 6 deletions(-)

diff --git a/drivers/media/v4l2-core/v4l2-subdev.c b/drivers/media/v4l2-core/v4l2-subdev.c
index 957c8e5cdfe1..34219e489be2 100644
--- a/drivers/media/v4l2-core/v4l2-subdev.c
+++ b/drivers/media/v4l2-core/v4l2-subdev.c
@@ -144,20 +144,30 @@ static inline int check_pad(struct v4l2_subdev *sd, __u32 pad)
return 0;
}

+static int check_cfg(__u32 which, struct v4l2_subdev_pad_config *cfg)
+{
+ if (which == V4L2_SUBDEV_FORMAT_TRY && !cfg)
+ return -EINVAL;
+
+ return 0;
+}
+
static inline int check_format(struct v4l2_subdev *sd,
+ struct v4l2_subdev_pad_config *cfg,
struct v4l2_subdev_format *format)
{
if (!format)
return -EINVAL;

- return check_which(format->which) ? : check_pad(sd, format->pad);
+ return check_which(format->which) ? : check_pad(sd, format->pad) ? :
+ check_cfg(format->which, cfg);
}

static int call_get_fmt(struct v4l2_subdev *sd,
struct v4l2_subdev_pad_config *cfg,
struct v4l2_subdev_format *format)
{
- return check_format(sd, format) ? :
+ return check_format(sd, cfg, format) ? :
sd->ops->pad->get_fmt(sd, cfg, format);
}
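Review bot: The new `check_cfg()` has no comment saying why a NULL `cfg` is rejected only for `V4L2_SUBDEV_FORMAT_TRY`, which leaves the contract for `V4L2_SUBDEV_FORMAT_ACTIVE` callers implicit. Going by the commit message, something like `/* A TRY request needs a pad config from the caller; reject NULL here so drivers need not check. */` above the function would record it. The helper is also declared `static int` while `check_pad()` and `check_format()` in the same hunk are `static inline int`, so matching them would keep the group consistent. Since `cfg` is only tested against NULL, the parameter could be `const struct v4l2_subdev_pad_config *cfg`.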

@@ -165,7 +175,7 @@ static int call_set_fmt(struct v4l2_subdev *sd,
struct v4l2_subdev_pad_config *cfg,
struct v4l2_subdev_format *format)
{
- return check_format(sd, format) ? :
+ return check_format(sd, cfg, format) ? :
sd->ops->pad->set_fmt(sd, cfg, format);
}

@@ -177,6 +187,7 @@ static int call_enum_mbus_code(struct v4l2_subdev *sd,
return -EINVAL;

return check_which(code->which) ? : check_pad(sd, code->pad) ? :
+ check_cfg(code->which, cfg) ? :
sd->ops->pad->enum_mbus_code(sd, cfg, code);
}
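Review bot: The three-step chain `check_which(...) ? : check_pad(...) ? : check_cfg(...)` is now written out five times: here in `call_enum_mbus_code()`, in `call_enum_frame_size()`, in `call_enum_frame_interval()`, and inside `check_format()` and `check_selection()`. A single helper taking `sd`, `which`, `pad` and `cfg` would keep the order of the checks in one place, so a later wrapper cannot omit the NULL-config test by copying an older chain. The helper name below is only a suggestion. The body of `call_enum_mbus_code()` starts outside this hunk, so the NULL test on `code` is shown as unchanged.

```c
static inline int check_which_pad_cfg(struct v4l2_subdev *sd, __u32 which,
				      __u32 pad,
				      struct v4l2_subdev_pad_config *cfg)
{
	return check_which(which) ? : check_pad(sd, pad) ? :
	       check_cfg(which, cfg);
}

/* … unchanged: call_enum_mbus_code() signature and NULL check on code … */
	return check_which_pad_cfg(sd, code->which, code->pad, cfg) ? :
	       sd->ops->pad->enum_mbus_code(sd, cfg, code);
```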

@@ -188,6 +199,7 @@ static int call_enum_frame_size(struct v4l2_subdev *sd,
return -EINVAL;

return check_which(fse->which) ? : check_pad(sd, fse->pad) ? :
+ check_cfg(fse->which, cfg) ? :
sd->ops->pad->enum_frame_size(sd, cfg, fse);
}

@@ -222,23 +234,26 @@ static int call_enum_frame_interval(struct v4l2_subdev *sd,
return -EINVAL;

return check_which(fie->which) ? : check_pad(sd, fie->pad) ? :
+ check_cfg(fie->which, cfg) ? :
sd->ops->pad->enum_frame_interval(sd, cfg, fie);
}

static inline int check_selection(struct v4l2_subdev *sd,
+ struct v4l2_subdev_pad_config *cfg,
struct v4l2_subdev_selection *sel)
{
if (!sel)
return -EINVAL;

- return check_which(sel->which) ? : check_pad(sd, sel->pad);
+ return check_which(sel->which) ? : check_pad(sd, sel->pad) ? :
+ check_cfg(sel->which, cfg);
}

static int call_get_selection(struct v4l2_subdev *sd,
struct v4l2_subdev_pad_config *cfg,
struct v4l2_subdev_selection *sel)
{
- return check_selection(sd, sel) ? :
+ return check_selection(sd, cfg, sel) ? :
sd->ops->pad->get_selection(sd, cfg, sel);
}

@@ -246,7 +261,7 @@ static int call_set_selection(struct v4l2_subdev *sd,
struct v4l2_subdev_pad_config *cfg,
struct v4l2_subdev_selection *sel)
{
- return check_selection(sd, sel) ? :
+ return check_selection(sd, cfg, sel) ? :
sd->ops->pad->set_selection(sd, cfg, sel);
}

--
2.21.0