git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
media: uvcvideo: Avoid invalid memory access
author Ricardo Ribalda <ribalda@chromium.org>
Wed, 1 Dec 2021 05:22:17 +0000 (06:22 +0100)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 13 Mar 2025 11:51:11 +0000 (12:51 +0100)
commit f0577b1b6394f954903fcc67e12fe9e7001dafd6 upstream.

If mappings points to invalid memory, we will be invalidly accessing
it. Solve it by initializing the value of the variable mapping and by
changing the order in the conditional statement (to avoid accessing
mapping->id if not needed).

Fix:
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN NOPTI

Fixes: 6350d6a4ed487 ("media: uvcvideo: Set error_idx during ctrl_commit errors")
Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/media/usb/uvc/uvc_ctrl.c

index 6da8ce2e539dd67050a8872b21ae5d11b36dca9b..481c959affbf7462e9fb46aac0b65e64948c7ed4 100644 (file)
@@ -1708,7 +1708,7 @@ static int uvc_ctrl_find_ctrl_idx(struct uvc_entity *entity,
                                  struct v4l2_ext_controls *ctrls,
                                  struct uvc_control *uvc_control)
 {
-       struct uvc_control_mapping *mapping;
+       struct uvc_control_mapping *mapping = NULL;
        struct uvc_control *ctrl_found;
        unsigned int i;
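Review bot: the `= NULL` initializer on `mapping` in uvc_ctrl_find_ctrl_idx() is only half of the fix, because on its own it trades a read through an uninitialized pointer for a deterministic NULL dereference wherever `mapping->id` is still evaluated before the lookup has assigned it. The commit message says the conditional is reordered so that `mapping->id` is not touched when it is not needed, but that conditional is not among the lines shown here, so check that the test which does not need `mapping` comes first and short-circuits the one that does. A one-line comment at the declaration saying that `mapping` stays NULL until the lookup succeeds would also keep a later reordering of that condition from reintroducing the fault reported by KASAN.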