From 2a4976233fa6107b3f0cabc4e9f948d9f9e5b500 Mon Sep 17 00:00:00 2001
From: yangxu
Date: Fri, 17 Jan 2025 08:56:38 +0000
Subject: [PATCH] kernel: nvidia-oot: Fix KMD coverity defects(6)

Fix coverity defects NULL_RETURNS INT08-C INT30-C EXP34-C
Jira CAMERASW-30853
Change-Id: If9617a18367830eaa3fa3eed102c4a2214d869d2
Signed-off-by: yangxu
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3285360
GVS: buildbot_gerritrpt
Reviewed-by: svcacv
Reviewed-by: Praveen AC
Tested-by: Patrick Young
Reviewed-by: Sudhir Vyas
Reviewed-by: Semi Malinen
---
 .../media/platform/tegra/camera/camera_common.c | 6 ++++++
 .../tegra/camera/fusa-capture/capture-isp.c | 14 +++++++++++---
 2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/drivers/media/platform/tegra/camera/camera_common.c b/drivers/media/platform/tegra/camera/camera_common.c
index afd1a4b5..7e80a045 100644
--- a/drivers/media/platform/tegra/camera/camera_common.c
+++ b/drivers/media/platform/tegra/camera/camera_common.c
@@ -560,6 +560,9 @@ int camera_common_enum_mbus_code(struct v4l2_subdev *sd,
 struct tegra_channel *chan = v4l2_get_subdev_hostdata(sd);
 const struct camera_common_colorfmt *sensor_fmt;
 
+ if (s_data == NULL)
+ return -EINVAL;
+
 sensor_fmt = find_matching_color_fmt(s_data, code->index);
 
 if (sensor_fmt == NULL)
@@ -579,6 +582,9 @@ int camera_common_enum_fmt(struct v4l2_subdev *sd, unsigned int index,
 struct camera_common_data *s_data = to_camera_common_data(sd->dev);
 const struct camera_common_colorfmt *sensor_fmt;
 
+ if (s_data == NULL)
+ return -EINVAL;
+
 sensor_fmt = find_matching_color_fmt(s_data, index);
 
 if (sensor_fmt == NULL)
diff --git a/drivers/media/platform/tegra/camera/fusa-capture/capture-isp.c b/drivers/media/platform/tegra/camera/fusa-capture/capture-isp.c
index f44737ac..ea4b1855 100644
--- a/drivers/media/platform/tegra/camera/fusa-capture/capture-isp.c
+++ b/drivers/media/platform/tegra/camera/fusa-capture/capture-isp.c
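Review bot: In the camera_common_enum_mbus_code hunk, `chan` from `v4l2_get_subdev_hostdata(sd)` on the first context line gets no NULL check, while the new guard covers only `s_data`. If `chan` is used further down in the function (the body continues outside the hunk) and the subdev host data can be unset, the same class of NULL dereference the commit is fixing remains reachable; extending the guard to `if (s_data == NULL || chan == NULL)` would close it. The declaration of `s_data` lies above this hunk, so this assumes it mirrors the `to_camera_common_data(sd->dev)` initializer visible in the camera_common_enum_fmt hunk.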
@@ -655,11 +655,19 @@ static uint32_t isp_capture_get_num_stats_progress(
 struct tegra_isp_channel *chan,
 struct isp_program_req *req)
 {
+ uint32_t offset = 0U;
 struct isp_desc_rec *program_desc_ctx =
 &chan->capture_data->program_desc_ctx;
- struct isp5_program *program = (struct isp5_program *)
- (program_desc_ctx->requests.va + sizeof(struct isp_program_descriptor) +
- req->buffer_index * program_desc_ctx->request_size);
+ struct isp5_program *program = NULL;
+
+ if (__builtin_umul_overflow(req->buffer_index, program_desc_ctx->request_size, &offset)) {
+ dev_dbg(chan->isp_dev,
+ "%s: calculation of the offset failed due to an overflow\n", __func__);
+ return -EOVERFLOW;
+ }
+
+ program = (struct isp5_program *)
+ (program_desc_ctx->requests.va + sizeof(struct isp_program_descriptor) + offset);
 
 if (!program) {
 dev_dbg(chan->isp_dev,
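Review bot: `return -EOVERFLOW;` in the new overflow branch is returned from a function declared `static uint32_t isp_capture_get_num_stats_progress(`, so the negative errno is converted to a value close to UINT32_MAX and a caller would read it as a very large progress count rather than as a failure. The branch should return whatever this function already uses for "no stats" — presumably `return 0;`, if that is what the `if (!program)` path ending outside this hunk does — or the signature should change so that an error can be told apart from a count. The check also covers only the multiplication: `requests.va + sizeof(struct isp_program_descriptor) + offset` is never compared against the size of the requests buffer, so unless `req->buffer_index` is range-checked by a caller (not visible here) the resulting pointer can still fall outside the mapping. In kernel code `check_mul_overflow(req->buffer_index, program_desc_ctx->request_size, &offset)` from `<linux/overflow.h>` is the usual spelling and does not depend on both operands being `unsigned int`.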