media: atmel-isi: Fix crash due to missing subdev in state

As a result of converting to the stream-aware state functions, commit
bc0e8d91feec ("media: v4l: subdev: Switch to stream-aware state
functions") caused the sd pointer of the state passed to the
v4l2_subdev_state_get_crop() function to be dereferenced. It however
missed that the atmel-isi driver creates the v4l2_subdev_state instance
on the stack (which it shouldn't do, but that's a separate problem),
without initializing the sd field. This results in a null pointer
dereference.

Fix it by initializing the sd field.

Fixes: bc0e8d91feec ("media: v4l: subdev: Switch to stream-aware state functions")
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>

diff --git a/drivers/media/platform/atmel/atmel-isi.c b/drivers/media/platform/atmel/atmel-isi.c
index da58f33b6b0af4883dd2809057573d9e2b9610b1..ed70c030858d774ae9870baac141018c37661387 100644 (file)
--- a/drivers/media/platform/atmel/atmel-isi.c
+++ b/drivers/media/platform/atmel/atmel-isi.c
@@ -589,6 +589,7 @@ static int isi_try_fmt(struct atmel_isi *isi, struct v4l2_format *f,
        struct v4l2_pix_format *pixfmt = &f->fmt.pix;
        struct v4l2_subdev_pad_config pad_cfg = {};
        struct v4l2_subdev_state pad_state = {
+               .sd = isi->entity.subdev,
                .pads = &pad_cfg,
        };
        struct v4l2_subdev_format format = {