[bug report] media: mediatek: vcodec: add h264 decoder driver for mt8186

Hello Yunfei Dong,

The patch 397edc703a10: "media: mediatek: vcodec: add h264 decoder
driver for mt8186" from May 12, 2022 (linux-next), leads to the
following (in development) Smatch static checker warning:

drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_if.c:351 vdec_h264_slice_decode() potential NULL container_of 'fb'
drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_vp8_req_if.c:337 vdec_vp8_slice_decode() potential NULL container_of 'fb'
drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_multi_if.c:728 vdec_h264_slice_single_decode() potential NULL container_of 'fb'

drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_multi_if.c
    709 static int vdec_h264_slice_single_decode(void *h_vdec, struct mtk_vcodec_mem *bs,
    710                                          struct vdec_fb *unused, bool *res_chg)
    711 {
    712         struct vdec_h264_slice_inst *inst = h_vdec;
    713         struct vdec_vpu_inst *vpu = &inst->vpu;
    714         struct mtk_video_dec_buf *src_buf_info, *dst_buf_info;
    715         struct vdec_fb *fb;
    716         unsigned char *buf;
    717         unsigned int data[2], i;
    718         u64 y_fb_dma, c_fb_dma;
    719         struct mtk_vcodec_mem *mem;
    720         int err, nal_start_idx;
    721 
    722         /* bs NULL means flush decoder */
    723         if (!bs)
    724                 return vpu_dec_reset(vpu);
    725 
    726         fb = inst->ctx->dev->vdec_pdata->get_cap_buffer(inst->ctx);

Smatch says that "fb" can be NULL.

    727         src_buf_info = container_of(bs, struct mtk_video_dec_buf, bs_buffer);
--> 728         dst_buf_info = container_of(fb, struct mtk_video_dec_buf, frame_buffer);
                ^^^^^^^^^^^^
If "fb" is NULL then dst_buf_info will point to bogus memory.


    729 
    730         y_fb_dma = fb ? (u64)fb->base_y.dma_addr : 0;
    731         c_fb_dma = fb ? (u64)fb->base_c.dma_addr : 0;
                           ^^
These lines assume "fb" can be NULL.


    732         mtk_vdec_debug(inst->ctx, "[h264-dec] [%d] y_dma=%llx c_dma=%llx",
    733                        inst->ctx->decoded_frame_cnt, y_fb_dma, c_fb_dma);
    734 
    735         inst->vsi_ctx.dec.bs_buf_addr = (u64)bs->dma_addr;
    736         inst->vsi_ctx.dec.bs_buf_size = bs->size;
    737         inst->vsi_ctx.dec.y_fb_dma = y_fb_dma;
    738         inst->vsi_ctx.dec.c_fb_dma = c_fb_dma;
    739         inst->vsi_ctx.dec.vdec_fb_va = (u64)(uintptr_t)fb;
    740 
    741         v4l2_m2m_buf_copy_metadata(&src_buf_info->m2m_buf.vb,
    742                                    &dst_buf_info->m2m_buf.vb, true);
                                           ^^^^^^^^^^^^^^^^^^^^^^^^^
If "fb" is NULL, this will crash.  The other warnings are the same where
the checking for NULL "fb" isn't done consistently.

    743         err = get_vdec_sig_decode_parameters(inst);
    744         if (err)

regards,
dan carpenter
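
The failure mode reported above, shown as an added userspace example that is not part of the original email or the driver: container_of() on a NULL member pointer yields a non-NULL bogus address, so only a check on "fb" itself catches it. The struct layouts and helper names here are simplified assumptions; only the non-zero member offset matters.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace stand-in for the kernel macro; integer arithmetic avoids
 * undefined pointer arithmetic on NULL in this demo. */
#define container_of(ptr, type, member) \
	((type *)((uintptr_t)(ptr) - offsetof(type, member)))

/* Simplified, hypothetical layouts (not the driver's real structs). */
struct vdec_fb { uint64_t y_dma, c_dma; };
struct dec_buf {
	uint64_t m2m_buf;            /* stands in for the m2m_buf member */
	struct vdec_fb frame_buffer; /* sits at a non-zero offset */
};

/* Unchecked conversion, the pattern on line 728 of the listing. */
static struct dec_buf *fb_to_buf_unchecked(struct vdec_fb *fb)
{
	return container_of(fb, struct dec_buf, frame_buffer);
}

/* Checked conversion (hypothetical helper): NULL stays NULL, so the
 * caller can test the result before dereferencing it. */
static struct dec_buf *fb_to_buf_checked(struct vdec_fb *fb)
{
	return fb ? container_of(fb, struct dec_buf, frame_buffer) : NULL;
}

int main(void)
{
	struct dec_buf buf = { 0 };

	printf("member offset   = %zu\n", offsetof(struct dec_buf, frame_buffer));
	printf("unchecked(NULL) = %p\n", (void *)fb_to_buf_unchecked(NULL));
	printf("checked(NULL)   = %p\n", (void *)fb_to_buf_checked(NULL));
	printf("checked(valid) matches container: %d\n",
	       fb_to_buf_checked(&buf.frame_buffer) == &buf);
	return 0;
}
```

A later "if (!dst_buf_info)" test would not help in the unchecked case, because the result is NULL minus the member offset rather than NULL.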



