projects / GitHub / MotorolaMobilityLLC / kernel-slsi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7dfff95)
[media] V4L: sh_mobile_ceu_camera: fix Oops when USERPTR mapping fails
authorGuennadi Liakhovetski <g.liakhovetski@gmx.de>
Mon, 4 Jul 2011 15:15:14 +0000 (12:15 -0300)
committerMauro Carvalho Chehab <mchehab@redhat.com>
Wed, 27 Jul 2011 20:56:09 +0000 (17:56 -0300)
If vb2_dma_contig_get_userptr() fails on a videobuffer, driver's
.buf_init() method will not be called and the list will not be
initialised. Trying to remove an uninitialised element from a list leads
to a NULL-dereference.

Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Tested-by: Bastian Hecht <hechtb@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
drivers/media/video/sh_mobile_ceu_camera.c patch | blob | blame | history

diff --git a/drivers/media/video/sh_mobile_ceu_camera.c b/drivers/media/video/sh_mobile_ceu_camera.c
index f86550703f8ec4b672719966b86d2b9113787ec0..e54089802b6b906027b36369984f126d9d8e8830 100644 (file)
--- a/drivers/media/video/sh_mobile_ceu_camera.c
+++ b/drivers/media/video/sh_mobile_ceu_camera.c
@@ -422,8 +422,12 @@ static void sh_mobile_ceu_videobuf_release(struct vb2_buffer *vb)
                pcdev->active = NULL;
        }
 
-       /* Doesn't hurt also if the list is empty */
-       list_del_init(&buf->queue);
+       /*
+        * Doesn't hurt also if the list is empty, but it hurts, if queuing the
+        * buffer failed, and .buf_init() hasn't been called
+        */
+       if (buf->queue.next)
+               list_del_init(&buf->queue);
 
        spin_unlock_irq(&pcdev->lock);
 }
Motorola kernel-slsi