If rcsi2_code_to_fmt() returns NULL, then a null pointer dereference occurs in the next cycle. The patch adds a check for format being NULL. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Nadezda Lutovinova <lutovinova@xxxxxxxxx> --- drivers/media/platform/rcar-vin/rcar-csi2.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/media/platform/rcar-vin/rcar-csi2.c b/drivers/media/platform/rcar-vin/rcar-csi2.c index e28eff039688..55bb584d2a13 100644 --- a/drivers/media/platform/rcar-vin/rcar-csi2.c +++ b/drivers/media/platform/rcar-vin/rcar-csi2.c @@ -553,6 +553,12 @@ static int rcsi2_start_receiver(struct rcar_csi2 *priv) /* Code is validated in set_fmt. */ format = rcsi2_code_to_fmt(priv->mf.code); + if (!format) { + dev_err(priv->dev, + "Incorrect mbus frame format code %u\n", + priv->mf.code); + return -EINVAL; + } /* * Enable all supported CSI-2 channels with virtual channel and -- 2.17.1
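Review bot: The new `if (!format)` check in rcsi2_start_receiver() sits directly under the unchanged comment "Code is validated in set_fmt.", so the function now both claims priv->mf.code is always valid and handles the case where it is not. Please say in the commit message which path lets priv->mf.code reach this point without a matching format, and update or drop the comment to match; if set_fmt really does guarantee a valid code, the added branch is unreachable and the comment alone is enough. A smaller point on the dev_err() line: media bus format codes are defined as hex constants, so printing priv->mf.code in hex rather than with %u would make the log message easier to match against the MEDIA_BUS_FMT_* values.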