From patchwork Sat Dec 26 00:47:12 2009 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Richter X-Patchwork-Id: 2374 Return-path: Envelope-to: mchehab@infradead.org Delivery-date: Sat, 26 Dec 2009 00:48:46 +0000 Received: from bombadil.infradead.org [18.85.46.34] by pedra with IMAP (fetchmail-6.3.6) for (single-drop); Sat, 26 Dec 2009 23:54:09 -0200 (BRST) Received: from vger.kernel.org ([209.132.180.67]) by bombadil.infradead.org with esmtp (Exim 4.69 #1 (Red Hat Linux)) id 1NOKpq-0008Q1-Hg; Sat, 26 Dec 2009 00:48:46 +0000 Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757592AbZLZAr1 (ORCPT + 1 other); Fri, 25 Dec 2009 19:47:27 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1757572AbZLZAr1 (ORCPT ); Fri, 25 Dec 2009 19:47:27 -0500 Received: from einhorn.in-berlin.de ([192.109.42.8]:53641 "EHLO einhorn.in-berlin.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757488AbZLZAr0 (ORCPT ); Fri, 25 Dec 2009 19:47:26 -0500 X-Envelope-From: stefanr@s5r6.in-berlin.de Received: from stein ([83.221.231.7]) (authenticated bits=0) by einhorn.in-berlin.de (8.13.6/8.13.6/Debian-1) with ESMTP id nBQ0lDOK010724; Sat, 26 Dec 2009 01:47:14 +0100 Date: Sat, 26 Dec 2009 01:47:12 +0100 (CET) From: Stefan Richter Subject: [PATCH v4l/dvb] firedtv: add missing NULL pointer check To: linux-media@vger.kernel.org cc: linux1394-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org Message-ID: MIME-Version: 1.0 Content-Disposition: INLINE X-Scanned-By: MIMEDefang_at_IN-Berlin_e.V. on 192.109.42.8 Sender: linux-media-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org If there is ever going to be a FireDTV or FloppyDTV firmware which does not provide a minimal ASCII textual descriptor for Model_Id --- or if the descriptor is provided indirectly in a descriptor directory --- the ieee1394 variant of the device probe of firedtv would dereference a NULL pointer. The firewire variant of firedtv's device probe is not affected. The fix makes sure that such an unexpected firmware is safely recognized by fdtv_alloc as an unknown firmware. Signed-off-by: Stefan Richter --- drivers/media/dvb/firewire/firedtv-1394.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) Index: linux-2.6.33-rc2/drivers/media/dvb/firewire/firedtv-1394.c =================================================================== --- linux-2.6.33-rc2.orig/drivers/media/dvb/firewire/firedtv-1394.c +++ linux-2.6.33-rc2/drivers/media/dvb/firewire/firedtv-1394.c @@ -193,9 +193,13 @@ static int node_probe(struct device *dev int kv_len, err; void *kv_str; - kv_len = (ud->model_name_kv->value.leaf.len - 2) * sizeof(quadlet_t); - kv_str = CSR1212_TEXTUAL_DESCRIPTOR_LEAF_DATA(ud->model_name_kv); - + if (ud->model_name_kv) { + kv_len = (ud->model_name_kv->value.leaf.len - 2) * 4; + kv_str = CSR1212_TEXTUAL_DESCRIPTOR_LEAF_DATA(ud->model_name_kv); + } else { + kv_len = 0; + kv_str = NULL; + } fdtv = fdtv_alloc(dev, &fdtv_1394_backend, kv_str, kv_len); if (!fdtv) return -ENOMEM;