On Thu, Oct 18, 2012 at 11:47 AM, Peter Senna Tschudin <peter.senna@xxxxxxxxx> wrote: > This patch fixes a NULL pointer dereference bug at __vb2_init_fileio(). > The NULL pointer deference happens at videobuf2-core.c: > > static size_t __vb2_perform_fileio(struct vb2_queue *q, char __user *data, size_t count, > loff_t *ppos, int nonblock, int read) > { > ... > if (!q->fileio) { > ret = __vb2_init_fileio(q, read); > dprintk(3, "file io: vb2_init_fileio result: %d\n", ret); > if (ret) > return ret; > } > fileio = q->fileio; // NULL pointer deference here > ... > } > > It was tested with vivi driver and qv4l2 for selecting read() as capture method. > The OOPS happened when I've artificially forced the error by commenting the line: > if (fileio->bufs[i].vaddr == NULL) > ... but if you manually changed the original source, how can this be a real BUG? Or am I missing something here ? Ezequiel -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html