Re: [PATCH 1/1] media: video/cx18, fix potential null dereference

From: Andy Walls
Date: Mon Jan 11 2010 - 18:50:52 EST

Next message: Suresh Siddha: "Re: [PATCH] Revert 2fbd07a5f so machines with BSPs phsyical apicid != 0 can boot"
Previous message: Rafael J. Wysocki: "Re: [Bug #15033] drm: gem_object_free without struct_mutex"
In reply to: Jiri Slaby: "[PATCH 1/1] media: video/cx18, fix potential null dereference"
Next in thread: Jiri Slaby: "Re: [PATCH 1/1] media: video/cx18, fix potential null dereference"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 2010-01-10 at 09:56 +0100, Jiri Slaby wrote:
> Stanse found a potential null dereference in cx18_dvb_start_feed
> and cx18_dvb_stop_feed. There is a check for stream being NULL,
> but it is dereferenced earlier. Move the dereference after the
> check.
>
> Signed-off-by: Jiri Slaby <jslaby@xxxxxxx>

Reviewed-by: Andy Walls <awalls@xxxxxxxxx>
Acked-by: Andy Walls <awalls@xxxxxxxxx>

Regards,
Andy

> ---
> drivers/media/video/cx18/cx18-dvb.c | 18 ++++++++++--------
> 1 files changed, 10 insertions(+), 8 deletions(-)
>
> diff --git a/drivers/media/video/cx18/cx18-dvb.c b/drivers/media/video/cx18/cx18-dvb.c
> index 71ad2d1..0ad5b63 100644
> --- a/drivers/media/video/cx18/cx18-dvb.c
> +++ b/drivers/media/video/cx18/cx18-dvb.c
> @@ -213,10 +213,14 @@ static int cx18_dvb_start_feed(struct dvb_demux_feed *feed)
> {
> struct dvb_demux *demux = feed->demux;
> struct cx18_stream *stream = (struct cx18_stream *) demux->priv;
> - struct cx18 *cx = stream->cx;
> + struct cx18 *cx;
> int ret;
> u32 v;
>
> + if (!stream)
> + return -EINVAL;
> +
> + cx = stream->cx;
> CX18_DEBUG_INFO("Start feed: pid = 0x%x index = %d\n",
> feed->pid, feed->index);
>
> @@ -253,9 +257,6 @@ static int cx18_dvb_start_feed(struct dvb_demux_feed *feed)
> if (!demux->dmx.frontend)
> return -EINVAL;
>
> - if (!stream)
> - return -EINVAL;
> -
> mutex_lock(&stream->dvb.feedlock);
> if (stream->dvb.feeding++ == 0) {
> CX18_DEBUG_INFO("Starting Transport DMA\n");
> @@ -279,13 +280,14 @@ static int cx18_dvb_stop_feed(struct dvb_demux_feed *feed)
> {
> struct dvb_demux *demux = feed->demux;
> struct cx18_stream *stream = (struct cx18_stream *)demux->priv;
> - struct cx18 *cx = stream->cx;
> + struct cx18 *cx;
> int ret = -EINVAL;
>
> - CX18_DEBUG_INFO("Stop feed: pid = 0x%x index = %d\n",
> - feed->pid, feed->index);
> -
> if (stream) {
> + cx = stream->cx;
> + CX18_DEBUG_INFO("Stop feed: pid = 0x%x index = %d\n",
> + feed->pid, feed->index);
> +
> mutex_lock(&stream->dvb.feedlock);
> if (--stream->dvb.feeding == 0) {
> CX18_DEBUG_INFO("Stopping Transport DMA\n");

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Suresh Siddha: "Re: [PATCH] Revert 2fbd07a5f so machines with BSPs phsyical apicid != 0 can boot"
Previous message: Rafael J. Wysocki: "Re: [Bug #15033] drm: gem_object_free without struct_mutex"
In reply to: Jiri Slaby: "[PATCH 1/1] media: video/cx18, fix potential null dereference"
Next in thread: Jiri Slaby: "Re: [PATCH 1/1] media: video/cx18, fix potential null dereference"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]