From a91050ea32a7a60409f2ed357e39db3631ee49a9 Mon Sep 17 00:00:00 2001
From: "renjiang.han" <renjiang.han@amlogic.com>
Date: Thu, 4 Jul 2019 15:34:36 +0800
Subject: [PATCH] ppmgr: Unbound kstrdup and Potential Null Dereference. [1/1]

PD#OTT-4872

Problem:
Unbound kstrdup and Potential Null Dereference.

Solution:
Add a judgment on the return value and the null pointer.

Verify:
on u212

Change-Id: I1e493c8125e08d4a6fb9fb46f28309eba6f0e47b
Signed-off-by: renjiang.han <renjiang.han@amlogic.com>
---
 .../media/video_processor/ppmgr/ppmgr_drv.c        | 45 ++++++++++++++++++++--
 1 file changed, 41 insertions(+), 4 deletions(-)

diff --git a/drivers/amlogic/media/video_processor/ppmgr/ppmgr_drv.c b/drivers/amlogic/media/video_processor/ppmgr/ppmgr_drv.c
index 6988337..084c7366 100644
--- a/drivers/amlogic/media/video_processor/ppmgr/ppmgr_drv.c
+++ b/drivers/amlogic/media/video_processor/ppmgr/ppmgr_drv.c
@@ -250,9 +250,17 @@ static int parse_para(const char *para, int para_num, int *result)
 		return 0;
 
 	params = kstrdup(para, GFP_KERNEL);
+	if (!params) {
+		PPMGRDRV_INFO("para kstrdup failed\n");
+		return 0;
+	}
 	params_base = params;
 	token = params;
 	len = strlen(token);
+	if (len <= 0) {
+		PPMGRDRV_INFO("token is NULL\n");
+		return 0;
+	}
 	do {
 		token = strsep(&params, " ");
 		while (token && (isspace(*token)
@@ -582,6 +590,10 @@ static ssize_t dump_path_write(struct class *cla, struct class_attribute *attr,
 	char *tmp;
 
 	tmp = kstrdup(buf, GFP_KERNEL);
+	if (!tmp) {
+		PPMGRDRV_INFO("buf kstrdup failed\n");
+		return 0;
+	}
 	strcpy(ppmgr_device.dump_path, tmp);
 
 	return count;
@@ -597,8 +609,12 @@ static ssize_t disp_read(struct class *cla, struct class_attribute *attr,
 static void set_disp_para(const char *para)
 {
 	int parsed[2];
+	int ret;
 
-	if (likely(parse_para(para, 2, parsed) == 2)) {
+	ret = parse_para(para, 2, parsed);
+	if (ret <= 0)
+		return;
+	if (likely(ret == 2)) {
 		int w, h;
 
 		w = parsed[0];
@@ -614,6 +630,11 @@ static void set_disp_para(const char *para)
 static ssize_t disp_write(struct class *cla, struct class_attribute *attr,
 				const char *buf, size_t count)
 {
+	int buflen;
+
+	buflen = strlen(buf);
+	if (buflen <= 0)
+		return 0;
 	set_disp_para(buf);
 	return count;
 }
@@ -662,8 +683,13 @@ static ssize_t ppscaler_write(struct class *cla, struct class_attribute *attr,
 static void set_ppscaler_para(const char *para)
 {
 	int parsed[5];
+	int ret;
 
-	if (likely(parse_para(para, 5, parsed) == 5)) {
+	ret = parse_para(para, 5, parsed);
+	if (ret <= 0)
+		return;
+
+	if (likely(ret == 5)) {
 		ppmgr_device.scale_h_start = parsed[0];
 		ppmgr_device.scale_v_start = parsed[1];
 		ppmgr_device.scale_h_end = parsed[2];
@@ -695,6 +721,11 @@ static ssize_t ppscaler_rect_write(struct class *cla,
 					struct class_attribute *attr,
 					const char *buf, size_t count)
 {
+	int buflen;
+
+	buflen = strlen(buf);
+	if (buflen <= 0)
+		return 0;
 	set_ppscaler_para(buf);
 	return count;
 }
@@ -1239,8 +1270,12 @@ static ssize_t write_scale_width(struct class *cla,
 static void set_cut_window(const char *para)
 {
 	int parsed[2];
+	int ret;
 
-	if (likely(parse_para(para, 2, parsed) == 2)) {
+	ret = parse_para(para, 2, parsed);
+	if (ret <= 0)
+		return;
+	if (likely(ret == 2)) {
 		int top, left;
 
 		top = parsed[0];
@@ -1262,6 +1297,8 @@ static ssize_t cut_win_store(
 	struct class *cla, struct class_attribute *attr, const char *buf,
 	size_t count)
 {
+	if (strlen(buf) <= 0)
+		return 0;
 	set_cut_window(buf);
 	return strnlen(buf, count);
 }
@@ -1771,7 +1808,7 @@ static int ppmgr_driver_probe(struct platform_device *pdev)
 {
 	s32 r;
 
-	PPMGRDRV_ERR("ppmgr_driver_probe called\n");
+	PPMGRDRV_INFO("ppmgr_driver_probe called\n");
 	r = of_reserved_mem_device_init(&pdev->dev);
 	ppmgr_device.pdev = pdev;
 	init_ppmgr_device();
-- 
2.7.4