Thanks for the correction, let me send a new patch then.
On Mon, Aug 26, 2019 at 5:09 AM Hans Verkuil <hverkuil@xxxxxxxxx> wrote:
>
> On 8/21/19 11:09 PM, Yizhuo wrote:
> > Inside function ctrl_cx2341x_getv4lflags(), qctrl.flag
> > will be uninitlaized if cx2341x_ctrl_query() returns -EINVAL.
> > However, it will be used in the later if statement, which is
> > potentially unsafe.
> >
> > Signed-off-by: Yizhuo <yzhai003@xxxxxxx>
> > ---
> > drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
> > index ad5b25b89699..1fa05971316a 100644
> > --- a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
> > +++ b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
> > @@ -793,6 +793,7 @@ static unsigned int ctrl_cx2341x_getv4lflags(struct pvr2_ctrl *cptr)
> > struct v4l2_queryctrl qctrl;
> > struct pvr2_ctl_info *info;
> > qctrl.id = cptr->info->v4l_id;
> > + memset(&qctr, 0, sizeof(qctrl))
>
> Please compile test your patches! This doesn't compile due to a typo
> (qctr -> qctrl).
>
> Also, this would overwrite qctrl.id with 0, not what you want.
>
> Instead, just do:
>
> struct v4l2_queryctrl qctrl = {};
>
> to initialize the struct with all 0.
>
> Regards,
>
> Hans
>
> > cx2341x_ctrl_query(&cptr->hdw->enc_ctl_state,&qctrl);
> > /* Strip out the const so we can adjust a function pointer. It's
> > OK to do this here because we know this is a dynamically created
> >
>
--
Kind Regards,
Yizhuo Zhai
Computer Science, Graduate Student
University of California, Riverside
