Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 5d6de11c authored by Dan Carpenter's avatar Dan Carpenter Committed by Mauro Carvalho Chehab
Browse files

[media] mx2-camera: potential negative underflow bug 



My static checker complains:

	drivers/media/platform/soc_camera/mx2_camera.c:1070
	mx2_emmaprp_resize() warn: no lower bound on 'num'

The heuristic is that it's looking for values which the user can
influence and we put an upper bound on them but we (perhaps
accidentally) allow negative numbers.

I am not very familiar with this code but I have looked at it and think
there might be a bug.  Making the variable unsigned seems like a safe
option either way and this silences the static checker warning.

The call tree is:
  -> subdev_do_ioctl()
     -> mx2_camera_set_fmt()
        -> mx2_emmaprp_resize()
The check:
	if (num > RESIZE_NUM_MAX)
can underflow and then we use "num" on the else path.

Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: default avatarGuennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@osg.samsung.com>
parent 197a47f2
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment