tvafe: vbi: fix coverity [1/1]

PD#SWPL-15873 Problem: Coverity defect cleanup. Solution: Coverity defect cleanup. Verify: x301 Change-Id: I4c5c5e8d01dbd8eb3389937e45461775ab1ac4ca Signed-off-by: Evoke Zhang <evoke.zhang@amlogic.com>
2026-06-09 12:17:12 +09:00 · 2019-11-01 11:32:34 +08:00
parent 08b606bbad
commit d456a5f43c
1 changed files with 15 additions and 2 deletions
--- a/drivers/amlogic/media/vin/tvin/tvafe/tvafe_vbi.c
+++ b/drivers/amlogic/media/vin/tvin/tvafe/tvafe_vbi.c
@@ -1289,6 +1289,11 @@ static int vbi_set_buffer_size(struct vbi_dev_s *dev,
 		tvafe_pr_info("%s: buffer size is 0!!!\n", __func__);
 		return -EINVAL;
 	}
+	if (size > VBI_DEFAULT_BUFFER_SIZE) {
+		tvafe_pr_info("%s: buffer size %d can't over %d\n",
+			      __func__, size, VBI_DEFAULT_BUFFER_SIZE);
+		return -EINVAL;
+	}
 	if (vbi_slicer->state >= VBI_STATE_GO) {
 		tvafe_pr_info("%s: vbi_slicer busy!!!\n", __func__);
 		return -EBUSY;
@@ -1737,6 +1742,13 @@ static long vbi_ioctl(struct file *file,
 			mutex_unlock(&vbi_slicer->mutex);
 			break;
 		}
+		if ((!buffer_size_t) ||
+		    (buffer_size_t > VBI_DEFAULT_BUFFER_SIZE)) {
+			mutex_unlock(&vbi_slicer->mutex);
+			tvafe_pr_info("%s: invalid buf size %d\n",
+				      __func__, buffer_size_t);
+			break;
+		}
 		ret = vbi_set_buffer_size(vbi_dev, buffer_size_t);
 		mutex_unlock(&vbi_slicer->mutex);
 		tvafe_pr_info("%s: set buf size to %d, state:%d\n",
@@ -1957,8 +1969,9 @@ static ssize_t vbi_store(struct device *dev,
 				vbi_buffer->size, vbi_buffer->data_num,
 				vbi_buffer->pread, vbi_buffer->pwrite,
 				vbi_buffer->data_wmode);
-		tvafe_pr_info("isr_cnt:%d,slicer_cnt:%d\n",
-			devp->isr_cnt, vbi_slicer->slicer_cnt);
+		if (vbi_slicer)
+			tvafe_pr_info("isr_cnt:%d,slicer_cnt:%d\n",
+				      devp->isr_cnt, vbi_slicer->slicer_cnt);
 		tvafe_pr_info("drv_version:%s\n", VBI_DRV_VER);
 		tvafe_pr_info("dump satus done!!\n");
 	} else if (!strncmp(parm[0], "dbg_en", strlen("dbg_en"))) {