On 8/21/19 11:09 PM, Yizhuo wrote:
> Inside function ctrl_cx2341x_getv4lflags(), qctrl.flag
> will be uninitlaized if cx2341x_ctrl_query() returns -EINVAL.
> However, it will be used in the later if statement, which is
> potentially unsafe.
>
> Signed-off-by: Yizhuo <yzhai003@xxxxxxx>
> ---
> drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
> index ad5b25b89699..1fa05971316a 100644
> --- a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
> +++ b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
> @@ -793,6 +793,7 @@ static unsigned int ctrl_cx2341x_getv4lflags(struct pvr2_ctrl *cptr)
> struct v4l2_queryctrl qctrl;
> struct pvr2_ctl_info *info;
> qctrl.id = cptr->info->v4l_id;
> + memset(&qctr, 0, sizeof(qctrl))
Please compile test your patches! This doesn't compile due to a typo
(qctr -> qctrl).
Also, this would overwrite qctrl.id with 0, not what you want.
Instead, just do:
struct v4l2_queryctrl qctrl = {};
to initialize the struct with all 0.
Regards,
Hans
> cx2341x_ctrl_query(&cptr->hdw->enc_ctl_state,&qctrl);
> /* Strip out the const so we can adjust a function pointer. It's
> OK to do this here because we know this is a dynamically created
>
