Re: [PATCH 1/6] media: v4l2-dev: Add range check for vdev->minor
From: Hans Verkuil
Date: Wed Apr 29 2026 - 03:38:46 EST
On 28/04/2026 14:41, Ricardo Ribalda wrote:
> If the fixed minor ranges are not properly set we could end up in a
> situation where the calculated minor is invalid. Add a check for this in
> the code.
the code -> the code to make it more robust.
>
> This check also fixes the following smatch warning:
I'd say:
This check also fixes the following false positive smatch warnings:
>
> drivers/media/v4l2-core/v4l2-dev.c:1036 __video_register_device() error: buffer overflow 'video_devices' 256 <= 288
> drivers/media/v4l2-core/v4l2-dev.c:1043 __video_register_device() error: buffer overflow 'video_devices' 256 <= 288
> drivers/media/v4l2-core/v4l2-dev.c:1101 __video_register_device() error: buffer overflow 'video_devices' 256 <= 288
>
> Signed-off-by: Ricardo Ribalda <ribalda@xxxxxxxxxxxx>
The code in __video_register_device is quite complex, so adding this check is
worthwhile. So even though the warning is a false positive, it's a good change.
Regards,
Hans
> ---
> drivers/media/v4l2-core/v4l2-dev.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/media/v4l2-core/v4l2-dev.c b/drivers/media/v4l2-core/v4l2-dev.c
> index 6ce623a1245a..a731ffdb91ee 100644
> --- a/drivers/media/v4l2-core/v4l2-dev.c
> +++ b/drivers/media/v4l2-core/v4l2-dev.c
> @@ -1032,6 +1032,12 @@ int __video_register_device(struct video_device *vdev,
> vdev->minor = i + minor_offset;
> vdev->num = nr;
>
> + if (WARN_ON(vdev->minor >= VIDEO_NUM_DEVICES)) {
> + mutex_unlock(&videodev_lock);
> + pr_err("invalid minor. Check ranges.\n");
> + return -EINVAL;
> + }
> +
> /* Should not happen since we thought this minor was free */
> if (WARN_ON(video_devices[vdev->minor])) {
> mutex_unlock(&videodev_lock);
>