Re: media: i2c: add OV02A10 image sensor driver

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 03/12/2020 18:10, Andy Shevchenko wrote:
> On Thu, Dec 3, 2020 at 8:03 PM Colin Ian King <colin.king@xxxxxxxxxxxxx> wrote:
> 
>> Static analysis on linux-next with Coverity has detected an issue with
>> the following commit:
> 
> If you want to fix it properly, see my comments below...
> 
>> 529 static int ov02a10_s_stream(struct v4l2_subdev *sd, int on)
>> 530 {
>> 531        struct ov02a10 *ov02a10 = to_ov02a10(sd);
>> 532        struct i2c_client *client =
>> v4l2_get_subdevdata(&ov02a10->subdev);
>>
>>    1. var_decl: Declaring variable ret without initializer.
>>
>> 533        int ret;
>> 534
>> 535        mutex_lock(&ov02a10->mutex);
>> 536
>>
>>    2. Condition ov02a10->streaming == on, taking true branch.
>>
>> 537        if (ov02a10->streaming == on)
>>
>>    3. Jumping to label unlock_and_return.
>>
>> 538                goto unlock_and_return;
>> 539
>> 540        if (on) {
>> 541                ret = pm_runtime_get_sync(&client->dev);
>> 542                if (ret < 0) {
> 
>> 543                        pm_runtime_put_noidle(&client->dev);
>> 544                        goto unlock_and_return;
> 
> Instead of two above:
>                        goto err_rpm_put;
> 
>> 545                }
>> 546
>> 547                ret = __ov02a10_start_stream(ov02a10);
>> 548                if (ret) {
>> 549                        __ov02a10_stop_stream(ov02a10);
>> 550                        ov02a10->streaming = !on;
>> 551                        goto err_rpm_put;
>> 552                }
>> 553        } else {
>> 554                __ov02a10_stop_stream(ov02a10);
>> 555                pm_runtime_put(&client->dev);
>> 556        }
>> 557
>> 558        ov02a10->streaming = on;
> 
> (1)
> 
>> 559        mutex_unlock(&ov02a10->mutex);
>> 560
>> 561        return 0;
>> 562
>> 563 err_rpm_put:
>> 564        pm_runtime_put(&client->dev);
> 
>> 565 unlock_and_return:
> 
> Should be moved to (1).
> 
>> 566        mutex_unlock(&ov02a10->mutex);
>> 567
>>
>> Uninitialized scalar variable (UNINIT)
>>     4. uninit_use: Using uninitialized value ret.
>>
>> 568        return ret;
>> 569 }
>>
>> Variable ret has not been initialized, so the error return value is a
>> garbage value. It should be initialized with some appropriate negative
>> error code, or ret could be removed and the return should return a
>> literal value of a error code.
>>
>> I was unsure what value is appropriate to fix this, so instead I'm
>> reporting this issue.
> 
Not sure I fully understand how that fixes it. Given that ret is
currently not initialized when we hit:

	 if (ov02a10->streaming == on)
		goto unlock_and_return;

either we initialize ret to 0 at the start of the function, or do:
	
	 if (ov02a10->streaming == on) {
		ret = 0;
		goto unlock_and_return;
	}

(assuming the intention is to return zero for this specific case).

Colin
[Index of Archives]     [Linux Input]     [Video for Linux]     [Gstreamer Embedded]     [Mplayer Users]     [Linux USB Devel]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]

  Powered by Linux