On Mon, Sep 19, 2016 at 8:51 PM, Alexandre-Xavier Labonté-Lamoureux
<axdoo...@gmail.com> wrote:
> Hi people,
>
> In the file "/linux/drivers/media/pci/ngene/ngene-core.c", there is a
> null pointer dereference at line 1480.
>
> Code in the function "static int init_channel(struct ngene_channel *chan)"
> ======================================
> if (io & NGENE_IO_TSIN) {
>     chan->fe = NULL;                            // Set to NULL
>     if (ni->demod_attach[nr]) {                 // First condition
>         ret = ni->demod_attach[nr](chan);
>         if (ret < 0)                            // Another condition
>             goto err;                           // Goto that avoids the problem
>     }
>     if (chan->fe && ni->tuner_attach[nr]) {     // Condition that tests the null pointer
>         ret = ni->tuner_attach[nr](chan);
>         if (ret < 0)
>             goto err;
>     }
> }
> =====================================
>
> "chan->fe" is set to NULL, then it tests for something (I have no idea
> what it's doing, I know nothing about this driver), if the results of
> the first two if conditions fail to reach the goto, then it will test
> the condition with the null pointer, which will cause a crash. I don't
> know if the kernel can recover from null pointers, I think not.

This looks fine to me.  It's a simple test to see if chan->fe got set
to null (presumably in the above block of code).  A null pointer
dereference would be if the first block set *chan* to NULL (as opposed
to chan->fe) and then the if() statement attempted to inspect
chan->fe.

LGTM.

Devin

-- 
Devin J. Heitmueller - Kernel Labs
http://www.kernellabs.com
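The distinction Devin draws (a NULL value stored in chan->fe is merely read by the `if`, whereas a NULL *chan* would be dereferenced by `chan->fe`) can be checked with a small stand-alone model of the quoted control flow. This is an added example, not code from the thread or from the ngene driver: `struct chan_model`, `init_channel_model`, the attach callbacks and `tuner_calls_after_init` are all constructed here and stand in for the kernel's `struct ngene_channel`, `init_channel` and the `demod_attach`/`tuner_attach` table entries.

```c
#include <stddef.h>

/* Simplified stand-in for the driver's channel structure (constructed
 * for this example; not the kernel's struct ngene_channel). */
struct chan_model {
    void *fe;          /* frontend pointer; starts out NULL */
    int tuner_calls;   /* how many times the tuner callback ran */
};

typedef int (*attach_fn)(struct chan_model *);

/* Model of a demod attach callback that leaves chan->fe NULL. */
static int demod_attach_none(struct chan_model *chan)
{
    chan->fe = NULL;
    return 0;
}

static int marker; /* any non-NULL object for fe to point at */

/* Model of a demod attach callback that populates chan->fe. */
static int demod_attach_ok(struct chan_model *chan)
{
    chan->fe = &marker;
    return 0;
}

/* Model of a tuner attach callback; only counts its invocations. */
static int tuner_attach_stub(struct chan_model *chan)
{
    chan->tuner_calls++;
    return 0;
}

/* Mirrors the control flow quoted in the thread.  The expression
 * `chan->fe && tuner_attach` reads the VALUE of chan->fe, i.e. the
 * pointer stored inside *chan; it never reads *chan->fe, so a NULL
 * there is harmless and simply short-circuits the tuner step.  The
 * pointer that must not be NULL is chan itself, because `chan->fe`
 * dereferences chan. */
static int init_channel_model(struct chan_model *chan,
                              attach_fn demod_attach, attach_fn tuner_attach)
{
    int ret;

    if (chan == NULL)
        return -1;   /* this is the pointer a dereference would hit */

    chan->fe = NULL;
    if (demod_attach) {
        ret = demod_attach(chan);
        if (ret < 0)
            return ret;
    }
    /* Short-circuit: when chan->fe is NULL the tuner callback is skipped. */
    if (chan->fe && tuner_attach) {
        ret = tuner_attach(chan);
        if (ret < 0)
            return ret;
    }
    return 0;
}

/* Runs the model with a given demod behaviour and reports how many
 * times the tuner callback was reached (-1 if init failed). */
int tuner_calls_after_init(attach_fn demod_attach)
{
    struct chan_model chan = { NULL, 0 };

    if (init_channel_model(&chan, demod_attach, tuner_attach_stub) < 0)
        return -1;
    return chan.tuner_calls;
}
```

With `demod_attach_none` the frontend pointer stays NULL and the tuner step is skipped without any fault; with `demod_attach_ok` it runs once. Only passing a NULL `chan` reaches the guard that stands in for the real dereference hazard.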