authorJesper Juhl <jj@chaosbits.net>2011-01-13 22:05:47 (GMT)
committerMauro Carvalho Chehab <mchehab@redhat.com>2011-05-04 16:17:34 (GMT)
commit96ca8620ba574b9b74e04fda857b360edbfdd11b (patch)
parent64f770fb546e143b39e26092916f13b84181b293 (diff)
[media] gspca/stv06xx_pb0100: Don't potentially deref NULL in pb0100_start()
usb_altnum_to_altsetting() may return NULL. If it does we'll dereference a NULL pointer in drivers/media/video/gspca/stv06xx/stv06xx_pb0100.c::pb0100_start(). As far as I can tell there's not really anything more sensible than -ENODEV that we can return in that situation, but I'm not at all intimate with this code so I'd like a bit of review/comments on this before it's applied. Anyway, here's a proposed patch. Signed-off-by: Jesper Juhl <jj@chaosbits.net> Cc: Jean-Francois Moine <moinejf@free.fr> Cc: Hans de Goede <hdegoede@redhat.com> Cc: Erik Andren <erik.andren@gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/media/video/gspca/stv06xx/stv06xx_pb0100.c b/drivers/media/video/gspca/stv06xx/stv06xx_pb0100.c
index ac47b4c..75a5b9c 100644
--- a/drivers/media/video/gspca/stv06xx/stv06xx_pb0100.c
+++ b/drivers/media/video/gspca/stv06xx/stv06xx_pb0100.c
@@ -217,6 +217,8 @@ static int pb0100_start(struct sd *sd)
intf = usb_ifnum_to_if(sd->gspca_dev.dev, sd->gspca_dev.iface);
alt = usb_altnum_to_altsetting(intf, sd->gspca_dev.alt);
+ if (!alt)
+ return -ENODEV;
packet_size = le16_to_cpu(alt->endpoint[0].desc.wMaxPacketSize);
/* If we don't have enough bandwidth use a lower framerate */

