| From mkrufky@linuxtv.org Thu Oct 16 15:56:52 2008 |
| From: Jean Delvare <khali@linux-fr.org> |
| Date: Fri, 10 Oct 2008 08:41:38 -0400 |
| Subject: V4L: bttv: Prevent NULL pointer dereference in radio_open |
| To: stable@kernel.org |
| Cc: Jean Delvare <khali@linux-fr.org>, v4l-dvb maintainer list <v4l-dvb-maintainer@linuxtv.org>, Mauro Carvalho Chehab <mchehab@infradead.org> |
| Message-ID: <48EF4D82.5070609@linuxtv.org> |
| |
| |
| From: Jean Delvare <khali@linux-fr.org> |
| |
| (cherry picked from commit c37396c19403e249f12626187d51e92c915f2bc9) |
| |
| Fix the following crash in the bttv driver: |
| |
| BUG: unable to handle kernel NULL pointer dereference at 000000000000036c |
| IP: [<ffffffffa037860a>] radio_open+0x3a/0x170 [bttv] |
| |
| This happens because radio_open assumes that all present bttv devices |
| have a radio function. If a bttv device without radio and one with |
| radio are installed on the same system, and the one without radio is |
| registered first, then radio_open checks for the radio device number |
| of a bttv device that has no radio function, and this breaks. All we |
| have to do to fix it is to skip bttv devices without a radio function. |
| |
| Signed-off-by: Jean Delvare <khali@linux-fr.org> |
| Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com> |
| Signed-off-by: Michael Krufky <mkrufky@linuxtv.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| drivers/media/video/bt8xx/bttv-driver.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/drivers/media/video/bt8xx/bttv-driver.c |
| +++ b/drivers/media/video/bt8xx/bttv-driver.c |
| @@ -3428,7 +3428,7 @@ static int radio_open(struct inode *inod |
| dprintk("bttv: open minor=%d\n",minor); |
| |
| for (i = 0; i < bttv_num; i++) { |
| - if (bttvs[i].radio_dev->minor == minor) { |
| + if (bttvs[i].radio_dev && bttvs[i].radio_dev->minor == minor) { |
| btv = &bttvs[i]; |
| break; |
| } |
