From: Nas Chung nas.chung@chipsnmedia.com
[ Upstream commit 8e172e38a623ce284baf2514f963b29e4d47c62e ]
Avoid uninitialized variable when both V4L2_TYPE_IS_OUTPUT() and V4L2_TYPE_IS_CAPTURE() return false.
Signed-off-by: Nas Chung nas.chung@chipsnmedia.com Signed-off-by: Sebastian Fricke sebastian.fricke@collabora.com Signed-off-by: Hans Verkuil hverkuil@xs4all.nl Signed-off-by: Sasha Levin sashal@kernel.org ---
**YES** This commit should be backported to stable kernel trees. **Analysis:** This commit fixes a legitimate uninitialized variable bug in the `find_format_by_index()` function in `drivers/media/platform/qcom/venus/vdec.c`. Here's why it meets the criteria for stable backporting: 1. **Bug Fix Nature**: The commit addresses a clear code defect where the `valid` variable could be used uninitialized. In the original code at line 157, `bool valid;` is declared but not initialized. The logic then uses an `if-else if` construct: - `if (V4L2_TYPE_IS_OUTPUT(type))` - sets `valid` - `else if (V4L2_TYPE_IS_CAPTURE(type))` - sets `valid` - But if neither condition is true, `valid` remains uninitialized 2. **Potential Impact**: Based on the V4L2 macro definitions, `V4L2_TYPE_IS_CAPTURE(type)` is defined as `(!V4L2_TYPE_IS_OUTPUT(type))`, which means these should be mutually exclusive and cover all cases. However, the bug exists because the original code used `else if` instead of just `else`, creating a theoretical path where neither executes. 3. **Minimal Risk Fix**: The fix is extremely simple and safe - changing `bool valid;` to `bool valid = false;` and replacing `else if` with `else`. This ensures the variable is always initialized and the logic covers all possible cases. 4. **Consistency with Similar Commits**: This fix is very similar to "Similar Commit #1" which was marked as "Backport Status: YES". That commit also fixed an uninitialized variable in the venus driver with a simple initialization. The pattern and impact are nearly identical. 5. **No Side Effects**: The change is purely defensive programming - it doesn't alter the intended behavior but prevents undefined behavior in edge cases. 6. **Compiler/Static Analysis Issue**: This type of uninitialized variable warning is commonly flagged by static analysis tools and newer compiler versions, indicating it's a legitimate code quality issue that should be fixed. The commit follows stable tree rules perfectly: it's a small, contained bugfix with minimal regression risk that addresses a potential runtime issue in the venus media driver.
drivers/media/platform/qcom/venus/vdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/qcom/venus/vdec.c b/drivers/media/platform/qcom/venus/vdec.c index 884ee6e9d4bd1..0cf95bfff86ac 100644 --- a/drivers/media/platform/qcom/venus/vdec.c +++ b/drivers/media/platform/qcom/venus/vdec.c @@ -154,14 +154,14 @@ find_format_by_index(struct venus_inst *inst, unsigned int index, u32 type) return NULL;
for (i = 0; i < size; i++) { - bool valid; + bool valid = false;
if (fmt[i].type != type) continue;
if (V4L2_TYPE_IS_OUTPUT(type)) { valid = venus_helper_check_codec(inst, fmt[i].pixfmt); - } else if (V4L2_TYPE_IS_CAPTURE(type)) { + } else { valid = venus_helper_check_format(inst, fmt[i].pixfmt);
if (fmt[i].pixfmt == V4L2_PIX_FMT_QC10C &&