Hello Hans Verkuil,
The patch bb436cbeb918: "media: videobuf: fix epoll() by calling
poll_wait first" from Feb 7, 2019, leads to the following static
checker warning:
drivers/media/v4l2-core/videobuf-core.c:1126 videobuf_poll_stream()
warn: passing bogus address: '&buf->done'
drivers/media/v4l2-core/videobuf-core.c
1118 __poll_t videobuf_poll_stream(struct file *file,
1119 struct videobuf_queue *q,
1120 poll_table *wait)
1121 {
1122 __poll_t req_events = poll_requested_events(wait);
1123 struct videobuf_buffer *buf = NULL;
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1124 __poll_t rc = 0;
1125
1126 poll_wait(file, &buf->done, wait);
^^^^^^^^^^
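This will totally crash: buf is still NULL at this point, so &buf->done
is just the offset of ->done inside struct videobuf_buffer, i.e.
(void *)72. That is non-NULL, so a NULL check on the wait queue address
does not catch it and the bogus address is passed on as if it were a
real wait queue head. It's weird that this code was merged in Feb and
no one has complained about it...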
1127 videobuf_queue_lock(q);
1128 if (q->streaming) {
1129 if (!list_empty(&q->stream))
1130 buf = list_entry(q->stream.next,
1131 struct videobuf_buffer,
stream);
1132 } else if (req_events & (EPOLLIN | EPOLLRDNORM)) {
1133 if (!q->reading)
1134 __videobuf_read_start(q);
1135 if (!q->reading) {
1136 rc = EPOLLERR;
1137 } else if (NULL == q->read_buf) {
1138 q->read_buf = list_entry(q->stream.next,
regards,
dan carpenter