>From 7aa39c0d02bddf9cfa14762f115303b79bfa0ae3 Mon Sep 17 00:00:00 2001
From: Tanmay Bhushan <007047221b@xxxxxxxxx>
Date: Wed, 28 Dec 2022 21:01:16 +0100
Subject: [PATCH] media: staging: media: omap4iss: Fix null dereference for iss

media_pad_remote_pad_first returns NULL in some cases but while using the return value was used without NULL check which will lead to panic in case of NULL return. iss_pipeline_is_last returns value check so have returned 0 in case of NULL and csi2_configure is not documented for such cases so returned EINVAL for it. Code is not tested as it is only for NULL dereference verification.

Signed-off-by: Tanmay Bhushan <007047221b@xxxxxxxxx>
---
 drivers/staging/media/omap4iss/iss.c | 6 +++++-
 drivers/staging/media/omap4iss/iss_csi2.c | 4 ++++
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/media/omap4iss/iss.c b/drivers/staging/media/omap4iss/iss.c
index fa2a36d829d3..3f01eeff40e7 100644
--- a/drivers/staging/media/omap4iss/iss.c
+++ b/drivers/staging/media/omap4iss/iss.c
@@ -552,7 +552,11 @@ static int iss_pipeline_is_last(struct media_entity *me)
 if (!pipe || pipe->stream_state == ISS_PIPELINE_STREAM_STOPPED)
 return 0;
 pad = media_pad_remote_pad_first(&pipe->output->pad);
- return pad->entity == me;
+
+ if (pad)
+ return pad->entity == me;
+
+ return 0;
 }
 static int iss_reset(struct iss_device *iss)
diff --git a/drivers/staging/media/omap4iss/iss_csi2.c b/drivers/staging/media/omap4iss/iss_csi2.c
index 04ce0e7eb557..ab2c2ad64464 100644
--- a/drivers/staging/media/omap4iss/iss_csi2.c
+++ b/drivers/staging/media/omap4iss/iss_csi2.c
@@ -539,6 +539,10 @@ static int csi2_configure(struct iss_csi2_device *csi2)
 return -EBUSY;
 pad = media_pad_remote_pad_first(&csi2->pads[CSI2_PAD_SINK]);
+
+ if (!pad)
+ return -EINVAL;
+
 sensor = media_entity_to_v4l2_subdev(pad->entity);
 pdata = sensor->host_priv;
-- 
2.34.1
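Review bot: The NULL guard added to iss_pipeline_is_last() is written as a positive branch with the fallback return at the end, while the csi2_configure() hunk in the same patch uses an early return; the guard-clause form `if (!pad)` / `return 0;` followed by the original `return pad->entity == me;` would keep the two fixes consistent and leave the normal path unindented. The blank line between the `media_pad_remote_pad_first()` call and its check separates the assignment from the test that belongs to it and could be dropped. Returning 0 reports "not the last entity" for a pipeline whose output has no remote pad, so a short comment such as `/* Output not linked: treat as not last. */` would record that this is intentional, given the commit message says the change is untested. `pipe->output` is still dereferenced unchecked on the line above; whether it can be NULL at this point is not visible, since the start of the function lies outside the hunk.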
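Review bot: In csi2_configure() the new `if (!pad)` guard only covers the missing-remote-pad case; the two context lines that follow still dereference the result of `media_entity_to_v4l2_subdev(pad->entity)` and load `sensor->host_priv` with no check, so it is worth confirming that the remote entity is always a sub-device with `host_priv` set. Media-controller links can normally be reconfigured from userspace, so a comment above the guard stating when the sink pad has no remote would help, e.g. `/* No enabled link on the CSI2 sink pad: nothing to configure against. */`. The commit message says -EINVAL was chosen without documentation; other V4L2 code tends to report an unconnected pad as -EPIPE or -ENOLINK, so the expected error code should be confirmed with the maintainers. The function continues past the end of the hunk, so how `pdata` is used afterwards cannot be checked here.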