Re: [PATCH][next] media: ov2740: fix dereference before null check on pointer nvm
From: Bingbu Cao
Date: Wed Dec 02 2020 - 21:48:05 EST
Hi, Colin
Thanks for your patch.
On 11/26/20 7:49 PM, Colin King wrote:
> From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
>
> Currently pointer nvm is being dereferenced before it is being null
> checked. Fix this by moving the assignments of pointers client and
> ov2740 so that are after the null check hence avoiding any potential
> null pointer dereferences on pointer nvm.
>
> Fixes: 5e6fd339b68d ("media: ov2740: allow OTP data access during streaming")
> Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> ---
> drivers/media/i2c/ov2740.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/media/i2c/ov2740.c b/drivers/media/i2c/ov2740.c
> index 99016546cbec..b41a90c2aed5 100644
> --- a/drivers/media/i2c/ov2740.c
> +++ b/drivers/media/i2c/ov2740.c
> @@ -600,8 +600,8 @@ static void ov2740_update_pad_format(const struct ov2740_mode *mode,
>
> static int ov2740_load_otp_data(struct nvm_data *nvm)
> {
> - struct i2c_client *client = nvm->client;
> - struct ov2740 *ov2740 = to_ov2740(i2c_get_clientdata(client));
> + struct i2c_client *client;
> + struct ov2740 *ov2740;
> u32 isp_ctrl00 = 0;
> u32 isp_ctrl01 = 0;
> int ret;
> @@ -612,6 +612,9 @@ static int ov2740_load_otp_data(struct nvm_data *nvm)
> if (nvm->nvm_buffer)
> return 0;
>
> + client = nvm->client;
> + ov2740 = to_ov2740(i2c_get_clientdata(client));
> +
> nvm->nvm_buffer = kzalloc(CUSTOMER_USE_OTP_SIZE, GFP_KERNEL);
> if (!nvm->nvm_buffer)
> return -ENOMEM;
>
Reviewed-by: Bingbu Cao <bingbu.cao@xxxxxxxxx>
--
Best regards,
Bingbu Cao