Patch "media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning" has been added to the 6.10-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Mon, 30 Sep 2024 19:44:49 -0400

This is a note to let you know that I've just added the patch titled

    media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning

to the 6.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     media-mediatek-vcodec-fix-vp8-stateless-decoder-smat.patch
and it can be found in the queue-6.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 6f123a98825d62c7bb6b85b163349107858f9480
Author: Yunfei Dong <yunfei.dong@xxxxxxxxxxxx>
Date:   Thu Jun 13 17:33:56 2024 +0800

    media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning
    
    [ Upstream commit b113bc7c0e83b32f4dd2d291a2b6c4803e0a2c44 ]
    
    Fix a smatch static checker warning on vdec_vp8_req_if.c.
    Which leads to a kernel crash when fb is NULL.
    
    Fixes: 7a7ae26fd458 ("media: mediatek: vcodec: support stateless VP8 decoding")
    Signed-off-by: Yunfei Dong <yunfei.dong@xxxxxxxxxxxx>
    Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@xxxxxxxxxxxxx>
    Signed-off-by: Sebastian Fricke <sebastian.fricke@xxxxxxxxxxxxx>
    Signed-off-by: Hans Verkuil <hverkuil-cisco@xxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_vp8_req_if.c b/drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_vp8_req_if.c
index e27e728f392e6..232ef3bd246a3 100644
--- a/drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_vp8_req_if.c
+++ b/drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_vp8_req_if.c
@@ -334,14 +334,18 @@ static int vdec_vp8_slice_decode(void *h_vdec, struct mtk_vcodec_mem *bs,
 	src_buf_info = container_of(bs, struct mtk_video_dec_buf, bs_buffer);
 
 	fb = inst->ctx->dev->vdec_pdata->get_cap_buffer(inst->ctx);
-	dst_buf_info = container_of(fb, struct mtk_video_dec_buf, frame_buffer);
+	if (!fb) {
+		mtk_vdec_err(inst->ctx, "fb buffer is NULL");
+		return -ENOMEM;
+	}
 
-	y_fb_dma = fb ? (u64)fb->base_y.dma_addr : 0;
+	dst_buf_info = container_of(fb, struct mtk_video_dec_buf, frame_buffer);
+	y_fb_dma = fb->base_y.dma_addr;
 	if (inst->ctx->q_data[MTK_Q_DATA_DST].fmt->num_planes == 1)
 		c_fb_dma = y_fb_dma +
 			inst->ctx->picinfo.buf_w * inst->ctx->picinfo.buf_h;
 	else
-		c_fb_dma = fb ? (u64)fb->base_c.dma_addr : 0;
+		c_fb_dma = fb->base_c.dma_addr;
 
 	inst->vsi->dec.bs_dma = (u64)bs->dma_addr;
 	inst->vsi->dec.bs_sz = bs->size;







