[bug report] media: rockchip: rkcif: add support for rk3568 vicap mipi capture

Michael Riesch michael.riesch at collabora.com
Mon Feb 16 05:33:35 PST 2026 

Hi Dan,

On 2/6/26 14:39, Dan Carpenter wrote:
> [ Smatch checking is paused while we raise funding.  #SadFace
>   https://lore.kernel.org/all/aTaiGSbWZ9DJaGo7@stanley.mountain/ -dan ]
> 
> Hello Michael Riesch,
> 
> Commit 1f2353f5a1af ("media: rockchip: rkcif: add support for rk3568
> vicap mipi capture") from Nov 14, 2025 (linux-next), leads to the
> following Smatch static checker warning:
> 
> drivers/media/platform/rockchip/rkcif/rkcif-capture-mipi.c:519 rkcif_mipi_id_get_reg()
> index hardmax out of bounds 'rkcif->match_data->mipi->regs_id[id]' size=4 max='4' rl='0-u32max'
> 
> drivers/media/platform/rockchip/rkcif/rkcif-capture-mipi.c:519 rkcif_mipi_id_get_reg()
> index hardmax out of bounds 'rkcif->match_data->mipi->regs_id[id][index]' size=11 max='11' rl='0-11'
> 
> drivers/media/platform/rockchip/rkcif/rkcif-capture-mipi.c
>     504 static inline unsigned int rkcif_mipi_id_get_reg(struct rkcif_stream *stream,
>     505                                                  unsigned int index)
>     506 {
>     507         struct rkcif_device *rkcif = stream->rkcif;
>     508         unsigned int block, id, offset, reg;
>     509 
>     510         block = stream->interface->index - RKCIF_MIPI_BASE;
>     511         id = stream->id;
>     512 
>     513         if (WARN_ON_ONCE(block > RKCIF_MIPI_MAX - RKCIF_MIPI_BASE) ||
>     514             WARN_ON_ONCE(id > RKCIF_ID_MAX) ||
>     515             WARN_ON_ONCE(index > RKCIF_MIPI_ID_REGISTER_MAX))
> 
> 
> The id and index checks should be >=.  Not sure about block but I assume
> it's off by one as well.

Thanks for the heads up. I started fixing this and then recalled some
previous work on that issue.

I found that you submitted a patch that fixes exactly this, but this
patch hasn't been applied for whatever reason.

Since I have some other fixes for the rkcif driver, I'll give your patch
another spin in the scope of that series -- hope this is OK for you!

Best regards,
Michael

> 
>     516                 return RKCIF_REGISTER_NOTSUPPORTED;
>     517 
>     518         offset = rkcif->match_data->mipi->blocks[block].offset;
> --> 519         reg = rkcif->match_data->mipi->regs_id[id][index];
>     520         if (reg == RKCIF_REGISTER_NOTSUPPORTED)
>     521                 return reg;
>     522 
>     523         return offset + reg;
>     524 }
> 
> regards,
> dan carpenter

More information about the Linux-rockchip mailing list