drivers/staging/media/tegra-video/vi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
tegra_get_format_fourcc_by_idx() returns a u32 but uses -EINVAL
to signal an out-of-bounds index. This results in a large unsigned
value being returned, which may be interpreted as a valid fourcc.
Return 0 instead to indicate an invalid format.
Callers assign the return value directly to pixelformat, so returning
an error code encoded in u32 is unsafe.
Signed-off-by: Hungyu Lin <dennylin0707@gmail.com>
---
drivers/staging/media/tegra-video/vi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/media/tegra-video/vi.c b/drivers/staging/media/tegra-video/vi.c
index 9c0b38585d63..966792a6ec19 100644
--- a/drivers/staging/media/tegra-video/vi.c
+++ b/drivers/staging/media/tegra-video/vi.c
@@ -81,7 +81,7 @@ static u32 tegra_get_format_fourcc_by_idx(struct tegra_vi *vi,
unsigned int index)
{
if (index >= vi->soc->nformats)
- return -EINVAL;
+ return 0;
return vi->soc->video_formats[index].fourcc;
}
--
2.34.1On 12/04/2026 02:02, Hungyu Lin wrote:
> tegra_get_format_fourcc_by_idx() returns a u32 but uses -EINVAL
> to signal an out-of-bounds index. This results in a large unsigned
> value being returned, which may be interpreted as a valid fourcc.
>
> Return 0 instead to indicate an invalid format.
>
> Callers assign the return value directly to pixelformat, so returning
> an error code encoded in u32 is unsafe.
>
> Signed-off-by: Hungyu Lin <dennylin0707@gmail.com>
> ---
> drivers/staging/media/tegra-video/vi.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/staging/media/tegra-video/vi.c b/drivers/staging/media/tegra-video/vi.c
> index 9c0b38585d63..966792a6ec19 100644
> --- a/drivers/staging/media/tegra-video/vi.c
> +++ b/drivers/staging/media/tegra-video/vi.c
> @@ -81,7 +81,7 @@ static u32 tegra_get_format_fourcc_by_idx(struct tegra_vi *vi,
> unsigned int index)
> {
> if (index >= vi->soc->nformats)
> - return -EINVAL;
> + return 0;
Returning 0 is not a valid fourcc either.
This should never happen, so use WARN_ON_ONCE in the 'if' and return
vi->soc->video_formats[0].fourcc;
That's at least better than the current code.
Regards,
Hans
>
> return vi->soc->video_formats[index].fourcc;
> }
On Sun, Apr 12, 2026 at 12:02:45AM +0000, Hungyu Lin wrote:
> tegra_get_format_fourcc_by_idx() returns a u32 but uses -EINVAL
> to signal an out-of-bounds index. This results in a large unsigned
> value being returned, which may be interpreted as a valid fourcc.
>
> Return 0 instead to indicate an invalid format.
>
> Callers assign the return value directly to pixelformat, so returning
> an error code encoded in u32 is unsafe.
>
> Signed-off-by: Hungyu Lin <dennylin0707@gmail.com>
> ---
> drivers/staging/media/tegra-video/vi.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/staging/media/tegra-video/vi.c b/drivers/staging/media/tegra-video/vi.c
> index 9c0b38585d63..966792a6ec19 100644
> --- a/drivers/staging/media/tegra-video/vi.c
> +++ b/drivers/staging/media/tegra-video/vi.c
> @@ -81,7 +81,7 @@ static u32 tegra_get_format_fourcc_by_idx(struct tegra_vi *vi,
> unsigned int index)
> {
> if (index >= vi->soc->nformats)
> - return -EINVAL;
> + return 0;
Someone else just sent a patch for this which added error checking to
the caller. I liked that approach better. (I haven't checked to see
if your approach works).
But either way this needs further review to see if the bug is actually
real and if so what is the Fixes tag?
regards,
dan carpenter
© 2016 - 2026 Red Hat, Inc.