Re: [PATCH v1 1/2] media: atomisp: fix potential NULL pointer dereference in configure_isp_from_args()

[Andy Shevchenko]

On Sat, Mar 28, 2026 at 9:27 PM Jose A. Perez de Azpillaga
<azpijr@xxxxxxxxx> wrote:
>
> The function configure_isp_from_args() incorrectly dereferences
> args->delay_frames[0] to configure cropping without checking if the
> pointer is valid. However, as noted in a FIXME comment later in the
> same function, delay_frames can be NULL in certain pipeline
> configurations.
>
> Add defensive checks for both delay_frames and tnr_frames before passing
> them to their respective configuration functions. This ensures that
> optional frames are only processed if they were actually allocated,
> preventing a kernel NULL pointer dereference.

Have you experienced bugs IRL?

...

>         /*
> -        * FIXME: args->delay_frames can be NULL here
> -        *
> -        * Somehow, the driver at the Intel Atom Yocto tree doesn't seem to
> -        * suffer from the same issue.
> -        *
> -        * Anyway, the function below should now handle a NULL delay_frames
> -        * without crashing, but the pipeline should likely be built without
> -        * adding it at the first place (or there are a hidden bug somewhere)
> +        * Safely handle pipelines built without delay_frames
>          */

This comment suggests something different. What the proposed change is
doing is just skipping the invalid data without actual understanding
of the root cause.

-- 
With Best Regards,
Andy Shevchenko