From 423f14b6e6d487dec5122fb73482cf8cb965a542 Mon Sep 17 00:00:00 2001
From: Swami Reddy Reddy <quic_swamired@quicinc.com>
Date: Wed, 24 Jul 2024 18:53:36 +0530
Subject: [PATCH] msm: camera: sensor: TOCTOU error handling

- Change to dereference s_ctrl only after proper
  NULL Dereference Check.

CRs-Fixed: 3875406
Change-Id: I8e2c717b22efff2a7d6503d38c048e30eff230da
Signed-off-by: Swami Reddy Reddy <quic_swamired@quicinc.com>
---
 .../drivers/cam_sensor_module/cam_sensor/cam_sensor_core.c | 5 +++--
 .../drivers/cam_sensor_module/cam_sensor/cam_sensor_core.c | 7 ++++---
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/techpack/camera-bengal/drivers/cam_sensor_module/cam_sensor/cam_sensor_core.c b/techpack/camera-bengal/drivers/cam_sensor_module/cam_sensor/cam_sensor_core.c
index 37d3ea2fa1d7..5f2a33e8258b 100644
--- a/techpack/camera-bengal/drivers/cam_sensor_module/cam_sensor/cam_sensor_core.c
+++ b/techpack/camera-bengal/drivers/cam_sensor_module/cam_sensor/cam_sensor_core.c
@@ -656,13 +656,14 @@ int32_t cam_sensor_driver_cmd(struct cam_sensor_ctrl_t *s_ctrl,
 {
 	int rc = 0, pkt_opcode = 0;
 	struct cam_control *cmd = (struct cam_control *)arg;
-	struct cam_sensor_power_ctrl_t *power_info =
-		&s_ctrl->sensordata->power_info;
+	struct cam_sensor_power_ctrl_t *power_info = NULL;
 	if (!s_ctrl || !arg) {
 		CAM_ERR(CAM_SENSOR, "s_ctrl is NULL");
 		return -EINVAL;
 	}
 
+	power_info = &s_ctrl->sensordata->power_info;
+
 	if (cmd->op_code != CAM_SENSOR_PROBE_CMD) {
 		if (cmd->handle_type != CAM_HANDLE_USER_POINTER) {
 			CAM_ERR(CAM_SENSOR, "Invalid handle type: %d",
diff --git a/techpack/camera/drivers/cam_sensor_module/cam_sensor/cam_sensor_core.c b/techpack/camera/drivers/cam_sensor_module/cam_sensor/cam_sensor_core.c
index 4ada916ac77c..a926d4b14272 100644
--- a/techpack/camera/drivers/cam_sensor_module/cam_sensor/cam_sensor_core.c
+++ b/techpack/camera/drivers/cam_sensor_module/cam_sensor/cam_sensor_core.c
@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: GPL-2.0-only
 /*
  * Copyright (c) 2017-2021, The Linux Foundation. All rights reserved.
- * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2022-2024, Qualcomm Innovation Center, Inc. All rights reserved.
  */
 
 #include <linux/module.h>
@@ -785,13 +785,14 @@ int32_t cam_sensor_driver_cmd(struct cam_sensor_ctrl_t *s_ctrl,
 {
 	int rc = 0, pkt_opcode = 0;
 	struct cam_control *cmd = (struct cam_control *)arg;
-	struct cam_sensor_power_ctrl_t *power_info =
-		&s_ctrl->sensordata->power_info;
+	struct cam_sensor_power_ctrl_t *power_info = NULL;
 	if (!s_ctrl || !arg) {
 		CAM_ERR(CAM_SENSOR, "s_ctrl is NULL");
 		return -EINVAL;
 	}
 
+	power_info = &s_ctrl->sensordata->power_info;
+
 	if (cmd->op_code != CAM_SENSOR_PROBE_CMD) {
 		if (cmd->handle_type != CAM_HANDLE_USER_POINTER) {
 			CAM_ERR(CAM_SENSOR, "Invalid handle type: %d",