[v2] media: s3c-camif: Avoid inappropriate kfree()

Message ID	20230922115506.30024-1-e.orlova@ispras.ru
State	New
Headers	show Return-Path: <linux-samsung-soc-owner@vger.kernel.org> From: Katya Orlova <e.orlova@ispras.ru> To: Andi Shyti <andi.shyti@kernel.org> Cc: Katya Orlova <e.orlova@ispras.ru>, Sylwester Nawrocki <sylvester.nawrocki@gmail.com>, Mauro Carvalho Chehab <mchehab@kernel.org>, linux-media@vger.kernel.org, linux-samsung-soc@vger.kernel.org, linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org Subject: [PATCH v2] media: s3c-camif: Avoid inappropriate kfree() Date: Fri, 22 Sep 2023 14:55:06 +0300 Message-Id: <20230922115506.30024-1-e.orlova@ispras.ru> In-Reply-To: <20230903202336.qjdg6zw6otig2qdv@zenone.zhora.eu> References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	[v2] media: s3c-camif: Avoid inappropriate kfree() \| expand [v2] media: s3c-camif: Avoid inappropriate kfree()

Message ID

20230922115506.30024-1-e.orlova@ispras.ru

State

New

Headers

From: Katya Orlova <e.orlova@ispras.ru>
To: Andi Shyti <andi.shyti@kernel.org>
Cc: Katya Orlova <e.orlova@ispras.ru>,
        Sylwester Nawrocki <sylvester.nawrocki@gmail.com>,
        Mauro Carvalho Chehab <mchehab@kernel.org>,
        linux-media@vger.kernel.org, linux-samsung-soc@vger.kernel.org,
        linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org
Subject: [PATCH v2] media: s3c-camif: Avoid inappropriate kfree()
Date: Fri, 22 Sep 2023 14:55:06 +0300
Message-Id: <20230922115506.30024-1-e.orlova@ispras.ru>
In-Reply-To: <20230903202336.qjdg6zw6otig2qdv@zenone.zhora.eu>
References: 
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

[v2] media: s3c-camif: Avoid inappropriate kfree() | expand

Commit Message

Katya Orlova Sept. 22, 2023, 11:55 a.m. UTC

s3c_camif_register_video_node() works with video_device structure stored
as a field of camif_vp, so it should not be kfreed.
But there is video_device_release() on error path that do it.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: babde1c243b2 ("[media] V4L: Add driver for S3C24XX/S3C64XX SoC series camera interface")
Signed-off-by: Katya Orlova <e.orlova@ispras.ru>
---
v2: Get rid not only of video_device_release(), but of the entire
"err_vd_rel" goto label, as Andi Shyti <andi.shyti@kernel.org> suggested.
 drivers/media/platform/samsung/s3c-camif/camif-capture.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/drivers/media/platform/samsung/s3c-camif/camif-capture.c b/drivers/media/platform/samsung/s3c-camif/camif-capture.c
index 76634d242b10..0f5b3845d7b9 100644
--- a/drivers/media/platform/samsung/s3c-camif/camif-capture.c
+++ b/drivers/media/platform/samsung/s3c-camif/camif-capture.c
@@ -1133,12 +1133,12 @@  int s3c_camif_register_video_node(struct camif_dev *camif, int idx)
 
 	ret = vb2_queue_init(q);
 	if (ret)
-		goto err_vd_rel;
+		return ret;
 
 	vp->pad.flags = MEDIA_PAD_FL_SINK;
 	ret = media_entity_pads_init(&vfd->entity, 1, &vp->pad);
 	if (ret)
-		goto err_vd_rel;
+		return ret;
 
 	video_set_drvdata(vfd, vp);
 
@@ -1171,8 +1171,6 @@  int s3c_camif_register_video_node(struct camif_dev *camif, int idx)
 	v4l2_ctrl_handler_free(&vp->ctrl_handler);
 err_me_cleanup:
 	media_entity_cleanup(&vfd->entity);
-err_vd_rel:
-	video_device_release(vfd);
 	return ret;
 }

[v2] media: s3c-camif: Avoid inappropriate kfree()

Commit Message

Patch