Google
  Web www.spinics.net

patch v4l-bttv-prevent-null-pointer-dereference-in-radio_open.patch added to 2.6.26-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


This is a note to let you know that we have just queued up the patch titled

    Subject: V4L: bttv: Prevent NULL pointer dereference in radio_open

to the 2.6.26-stable tree.  Its filename is

    v4l-bttv-prevent-null-pointer-dereference-in-radio_open.patch

A git repo of this tree can be found at 
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary


>From mkrufky@xxxxxxxxxxx  Thu Oct 16 15:56:52 2008
From: Jean Delvare <khali@xxxxxxxxxxxx>
Date: Fri, 10 Oct 2008 08:41:38 -0400
Subject: V4L: bttv: Prevent NULL pointer dereference in radio_open
To: stable@xxxxxxxxxx
Cc: Jean Delvare <khali@xxxxxxxxxxxx>, v4l-dvb maintainer list <v4l-dvb-maintainer@xxxxxxxxxxx>, Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxx>
Message-ID: <48EF4D82.5070609@xxxxxxxxxxx>


From: Jean Delvare <khali@xxxxxxxxxxxx>

(cherry picked from commit c37396c19403e249f12626187d51e92c915f2bc9)

Fix the following crash in the bttv driver:

BUG: unable to handle kernel NULL pointer dereference at 000000000000036c
IP: [<ffffffffa037860a>] radio_open+0x3a/0x170 [bttv]

This happens because radio_open assumes that all present bttv devices
have a radio function. If a bttv device without radio and one with
radio are installed on the same system, and the one without radio is
registered first, then radio_open checks for the radio device number
of a bttv device that has no radio function, and this breaks. All we
have to do to fix it is to skip bttv devices without a radio function.

Signed-off-by: Jean Delvare <khali@xxxxxxxxxxxx>
Signed-off-by: Mauro Carvalho Chehab <mchehab@xxxxxxxxxx>
Signed-off-by: Michael Krufky <mkrufky@xxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

---
 drivers/media/video/bt8xx/bttv-driver.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/media/video/bt8xx/bttv-driver.c
+++ b/drivers/media/video/bt8xx/bttv-driver.c
@@ -3428,7 +3428,7 @@ static int radio_open(struct inode *inod
 	dprintk("bttv: open minor=%d\n",minor);
 
 	for (i = 0; i < bttv_num; i++) {
-		if (bttvs[i].radio_dev->minor == minor) {
+		if (bttvs[i].radio_dev && bttvs[i].radio_dev->minor == minor) {
 			btv = &bttvs[i];
 			break;
 		}


Patches currently in stable-queue which might be from khali@xxxxxxxxxxxx are

queue-2.6.26/v4l-bttv-prevent-null-pointer-dereference-in-radio_open.patch
queue-2.6.26/v4l-zr36067-fix-rgbr-pixel-format.patch

_______________________________________________
v4l-dvb-maintainer mailing list
v4l-dvb-maintainer@xxxxxxxxxxx
http://www.linuxtv.org/cgi-bin/mailman/listinfo/v4l-dvb-maintainer

[Linux Media]     [Older V4L]     [Linux DVB]     [Video Disk Recorder]     [Asterisk]     [Photo]     [DCCP]     [Netdev]     [Xorg]     [Util Linux NG]     [Xfree86]     [Free Photo Albums]     [Fedora Users]     [Fedora Women]     [ALSA Users]     [ALSA Devel]     [SSH]     [Linux USB]

-->
Add to Google Powered by Linux

Google PageRank Checking tool