Date:   Wed, 11 Jan 2023 07:19:42 +0300
From:   Dan Carpenter <error27@...il.com>
To:     oe-kbuild@...ts.linux.dev, Ricardo Ribalda <ribalda@...omium.org>,
        Mauro Carvalho Chehab <mchehab@...nel.org>,
        Laurent Pinchart <laurent.pinchart@...asonboard.com>
Cc:     lkp@...el.com, oe-kbuild-all@...ts.linux.dev,
        linux-media@...r.kernel.org,
        Ricardo Ribalda <ribalda@...omium.org>,
        "hn.chen" <hn.chen@...plusit.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4 1/5] media: uvc: Ignore empty TS packets

Hi Ricardo,

url:    https://github.com/intel-lab-lkp/linux/commits/Ricardo-Ribalda/media-uvc-Ignore-empty-TS-packets/20230109-180318
base:   73d6709376914f577a61bb29e596fa93ec66598c
patch link:    https://lore.kernel.org/r/20220920-resend-hwtimestamp-v4-1-a8ddc1358a29%40chromium.org
patch subject: [PATCH v4 1/5] media: uvc: Ignore empty TS packets
config: arc-randconfig-m031-20230108
compiler: arceb-elf-gcc (GCC) 12.1.0

If you fix the issue, kindly add the following tags where applicable
| Reported-by: kernel test robot <lkp@...el.com>
| Reported-by: Dan Carpenter <error27@...il.com>

smatch warnings:
drivers/media/usb/uvc/uvc_video.c:538 uvc_video_clock_decode() error: we previously assumed 'buf' could be null (see line 514)

vim +/buf +538 drivers/media/usb/uvc/uvc_video.c

66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  469  static void
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  470  uvc_video_clock_decode(struct uvc_streaming *stream, struct uvc_buffer *buf,
2c6b222cee2d68e drivers/media/usb/uvc/uvc_video.c   Laurent Pinchart 2018-01-16  471  		       const u8 *data, int len)
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  472  {
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  473  	struct uvc_clock_sample *sample;
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  474  	unsigned int header_size;
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  475  	bool has_pts = false;
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  476  	bool has_scr = false;
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  477  	unsigned long flags;
828ee8c71950155 drivers/media/usb/uvc/uvc_video.c   Arnd Bergmann    2017-11-27  478  	ktime_t time;
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  479  	u16 host_sof;
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  480  	u16 dev_sof;
febd4163e286059 drivers/media/usb/uvc/uvc_video.c   Ricardo Ribalda  2023-01-09  481  	u32 dev_stc;
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  482  
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  483  	switch (data[1] & (UVC_STREAM_PTS | UVC_STREAM_SCR)) {
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  484  	case UVC_STREAM_PTS | UVC_STREAM_SCR:
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  485  		header_size = 12;
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  486  		has_pts = true;
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  487  		has_scr = true;
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  488  		break;
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  489  	case UVC_STREAM_PTS:
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  490  		header_size = 6;
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  491  		has_pts = true;
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  492  		break;
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  493  	case UVC_STREAM_SCR:
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  494  		header_size = 8;
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  495  		has_scr = true;
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  496  		break;
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  497  	default:
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  498  		header_size = 2;
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  499  		break;
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  500  	}
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  501  
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  502  	/* Check for invalid headers. */
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  503  	if (len < header_size)
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  504  		return;
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  505  
699b9a86a3f03ad drivers/media/usb/uvc/uvc_video.c   Laurent Pinchart 2022-06-08  506  	/*
699b9a86a3f03ad drivers/media/usb/uvc/uvc_video.c   Laurent Pinchart 2022-06-08  507  	 * Extract the timestamps:
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  508  	 *
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  509  	 * - store the frame PTS in the buffer structure
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  510  	 * - if the SCR field is present, retrieve the host SOF counter and
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  511  	 *   kernel timestamps and store them with the SCR STC and SOF fields
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  512  	 *   in the ring buffer
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  513  	 */
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24 @514  	if (has_pts && buf != NULL)
                                                                                                       ^^^^^^^^^^^
This code checks 'buf' for NULL, which implies that 'buf' can be NULL at this point.

66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  515  		buf->pts = get_unaligned_le32(&data[2]);
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  516  
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  517  	if (!has_scr)
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  518  		return;
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  519  
699b9a86a3f03ad drivers/media/usb/uvc/uvc_video.c   Laurent Pinchart 2022-06-08  520  	/*
699b9a86a3f03ad drivers/media/usb/uvc/uvc_video.c   Laurent Pinchart 2022-06-08  521  	 * To limit the amount of data, drop SCRs with an SOF identical to the
a919bd4d768164c drivers/media/usb/uvc/uvc_video.c   Ricardo Ribalda  2023-01-04  522  	 * previous one. This filtering is also needed to support UVC 1.5, where
a919bd4d768164c drivers/media/usb/uvc/uvc_video.c   Ricardo Ribalda  2023-01-04  523  	 * all the data packets of the same frame contains the same SOF. In that
a919bd4d768164c drivers/media/usb/uvc/uvc_video.c   Ricardo Ribalda  2023-01-04  524  	 * case only the first one will match the host_sof.
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  525  	 */
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  526  	dev_sof = get_unaligned_le16(&data[header_size - 2]);
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  527  	if (dev_sof == stream->clock.last_sof)
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  528  		return;
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  529  
febd4163e286059 drivers/media/usb/uvc/uvc_video.c   Ricardo Ribalda  2023-01-09  530  	dev_stc = get_unaligned_le32(&data[header_size - 6]);
febd4163e286059 drivers/media/usb/uvc/uvc_video.c   Ricardo Ribalda  2023-01-09  531  
febd4163e286059 drivers/media/usb/uvc/uvc_video.c   Ricardo Ribalda  2023-01-09  532  	/*
febd4163e286059 drivers/media/usb/uvc/uvc_video.c   Ricardo Ribalda  2023-01-09  533  	 * Some devices make a borderline interpretation of the UVC 1.5 standard
febd4163e286059 drivers/media/usb/uvc/uvc_video.c   Ricardo Ribalda  2023-01-09  534  	 * and sends packets with no data contain undefined timestamps. Ignore
febd4163e286059 drivers/media/usb/uvc/uvc_video.c   Ricardo Ribalda  2023-01-09  535  	 * such packages to avoid interfering with the clock interpolation
febd4163e286059 drivers/media/usb/uvc/uvc_video.c   Ricardo Ribalda  2023-01-09  536  	 * algorithm.
febd4163e286059 drivers/media/usb/uvc/uvc_video.c   Ricardo Ribalda  2023-01-09  537  	 */
febd4163e286059 drivers/media/usb/uvc/uvc_video.c   Ricardo Ribalda  2023-01-09 @538  	if (buf->bytesused == 0 && len == header_size &&
                                                                                            ^^^^^^^^^^^^^^
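Unchecked dereference: 'buf' is dereferenced here without a NULL check. When has_scr is true, none of the early returns between line 514 and this line depend on 'buf', so a NULL 'buf' would reach this line. The new condition probably needs to test 'buf' before reading buf->bytesused.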

febd4163e286059 drivers/media/usb/uvc/uvc_video.c   Ricardo Ribalda  2023-01-09  539  	    dev_stc == 0 && dev_sof == 0)
febd4163e286059 drivers/media/usb/uvc/uvc_video.c   Ricardo Ribalda  2023-01-09  540  		return;
febd4163e286059 drivers/media/usb/uvc/uvc_video.c   Ricardo Ribalda  2023-01-09  541  
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  542  	stream->clock.last_sof = dev_sof;
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  543  
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  544  	host_sof = usb_get_current_frame_number(stream->dev->udev);
828ee8c71950155 drivers/media/usb/uvc/uvc_video.c   Arnd Bergmann    2017-11-27  545  	time = uvc_video_get_time();
66847ef013cc4ed drivers/media/video/uvc/uvc_video.c Laurent Pinchart 2011-09-24  546  
699b9a86a3f03ad drivers/media/usb/uvc/uvc_video.c   Laurent Pinchart 2022-06-08  547  	/*

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests
