From: Michael Krufky Date: Sun, 18 Nov 2007 17:15:42 +0000 (-0300) Subject: V4L/DVB (6621): tda827x: fix NULL pointer dereference during tda827x_probe_version X-Git-Tag: v2.6.25-rc1~1235^2~351 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3b0c453aa78be253b4414cd337c9975f91e2c894;p=linux-2.6 V4L/DVB (6621): tda827x: fix NULL pointer dereference during tda827x_probe_version Fix the following oops: [ 750.807586] CPU: 1 [ 750.807587] EIP: 0060:[] Tainted: P VLI [ 750.807589] EFLAGS: 00010296 (2.6.22-14-generic #1) [ 750.807599] EIP is at tda827x_probe_version+0xc3/0x130 [tda827x] [ 750.807603] eax: 00000000 ebx: f5a45a00 ecx: 00000000 edx: 00000001 [ 750.807607] esi: f9de05ac edi: e9b897e0 ebp: ed8015ac esp: ed735f58 [ 750.807611] ds: 007b es: 007b fs: 00d8 gs: 0000 ss: 0068 [ 750.807615] Process kdvb-fe-1 (pid: 10662, ti=ed734000 task=d3b76530 task.ti=ed734000) [ 750.807618] Stack: f9e23972 00000038 ed735fd0 00010060 41ae0001 ed735f73 88b89608 e9b89608 [ 750.807629] e9b89608 ed801400 f9dde338 e9b89608 f9b2a46b 000000ae 00000a18 d3b76640 [ 750.807639] fffffffc f9b2bad6 00000003 f4433e68 e962b8c0 f4433e64 00000292 ed735fd0 [ 750.807649] Call Trace: [ 750.807653] [] tda10046_init+0x2d2/0x6c0 [tda1004x] [ 750.807700] [] tda827x_initial_init+0x8/0x20 [tda827x] [ 750.807713] [] dvb_frontend_init+0x2b/0x60 [dvb_core] [ 750.807745] [] dvb_frontend_thread+0x66/0x2f0 [dvb_core] [ 750.807780] [complete+64/96] complete+0x40/0x60 [ 750.807805] [] dvb_frontend_thread+0x0/0x2f0 [dvb_core] [ 750.807822] [kthread+66/112] kthread+0x42/0x70 [ 750.807828] [kthread+0/112] kthread+0x0/0x70 [ 750.807841] [kernel_thread_helper+7/16] kernel_thread_helper+0x7/0x10 [ 750.807869] ======================= [ 750.807872] Code: 8b 74 24 20 8b 7c 24 24 83 c4 28 c3 8b 0d 00 0c de f9 85 c9 75 42 be e0 04 de f9 81 c7 0c 01 00 00 b9 33 00 00 00 f3 a5 8b 43 08 40 14 50 e3 dd f9 8b 5c 24 1c 31 c0 8b 74 24 20 8b 7c 24 24 [ 750.807925] EIP: [] tda827x_probe_version+0xc3/0x130 [tda827x] SS:ESP 0068:ed735f58 Signed-off-by: Michael Krufky Signed-off-by: Mauro Carvalho Chehab --- diff --git a/drivers/media/dvb/frontends/tda827x.c b/drivers/media/dvb/frontends/tda827x.c index 8329d33b51..50adfb5395 100644 --- a/drivers/media/dvb/frontends/tda827x.c +++ b/drivers/media/dvb/frontends/tda827x.c @@ -796,11 +796,13 @@ static int tda827x_probe_version(struct dvb_frontend *fe) dprintk("tda827x tuner found\n"); fe->ops.tuner_ops.init = tda827x_init; fe->ops.tuner_ops.sleep = tda827xo_sleep; - priv->cfg->agcf = tda827xo_agcf; + if (priv->cfg) + priv->cfg->agcf = tda827xo_agcf; } else { dprintk("tda827xa tuner found\n"); memcpy(&fe->ops.tuner_ops, &tda827xa_tuner_ops, sizeof(struct dvb_tuner_ops)); - priv->cfg->agcf = tda827xa_agcf; + if (priv->cfg) + priv->cfg->agcf = tda827xa_agcf; } return 0; }