On Mon, Sep 19, 2016 at 8:51 PM, Alexandre-Xavier Labonté-Lamoureux <axdoomer@xxxxxxxxx> wrote:
> Hi people,
>
> In the file "/linux/drivers/media/pci/ngene/ngene-core.c", there is a
> null pointer dereference at line 1480.
>
> Code in the function "static int init_channel(struct ngene_channel *chan)"
> ======================================
> if (io & NGENE_IO_TSIN) {
> 	chan->fe = NULL; // Set to NULL
> 	if (ni->demod_attach[nr]) { // First condition
> 		ret = ni->demod_attach[nr](chan);
> 		if (ret < 0) // Another condition
> 			goto err; // Goto that avoids the problem
> 	}
> 	if (chan->fe && ni->tuner_attach[nr]) { // Condition that tests the null pointer
> 		ret = ni->tuner_attach[nr](chan);
> 		if (ret < 0)
> 			goto err;
> 	}
> }
> =====================================
>
> "chan->fe" is set to NULL, then it tests for something (I have no idea
> what it's doing, I know nothing about this driver), if the results of
> the first two if conditions fail to reach the goto, then it will test
> the condition with the null pointer, which will cause a crash. I don't
> know if the kernel can recover from null pointers, I think not.

This looks fine to me. It's a simple test to see if chan->fe got set to
null (presumably in the above block of code).

A null pointer dereference would be if the first block set *chan* to NULL
(as opposed to chan->fe) and the if() statement then attempted to inspect
chan->fe.

LGTM.

Devin

--
Devin J. Heitmueller - Kernel Labs
http://www.kernellabs.com
--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
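The distinction Devin draws, as an added stand-alone example that is not code from the thread or from the ngene driver: the struct, the attach callbacks and the constructed "no frontend" case are hypothetical stand-ins for ni->demod_attach[nr] and ni->tuner_attach[nr]. Reading chan->fe to compare it against NULL is safe; only the tuner path dereferences it, and the && guard keeps that path unreachable while chan->fe is still NULL.

```c
#include <stddef.h>

/* Constructed stand-ins for the driver types; not the real ngene/dvb structs. */
struct dvb_frontend { int id; };

struct ngene_channel {
	struct dvb_frontend *fe;  /* stays NULL until a demod attach supplies one */
	int tuner_attached;       /* recorded so a caller can see what ran */
};

typedef int (*attach_fn)(struct ngene_channel *chan);

static struct dvb_frontend demo_fe = { 1 };

/* Hypothetical demod attach that does supply a frontend. */
static int demod_attach_ok(struct ngene_channel *chan)
{
	chan->fe = &demo_fe;
	return 0;
}

/* Hypothetical demod attach that succeeds but leaves chan->fe NULL. */
static int demod_attach_nofe(struct ngene_channel *chan)
{
	(void)chan;
	return 0;
}

/* Hypothetical tuner attach: this is the code that really dereferences chan->fe. */
static int tuner_attach(struct ngene_channel *chan)
{
	chan->tuner_attached = 1;
	return chan->fe->id > 0 ? 0 : -1;
}

/* Mirrors the quoted init_channel() logic for the NGENE_IO_TSIN case.
 * Returns 0 on success or the negative error from an attach callback. */
int init_channel_tsin(struct ngene_channel *chan, attach_fn demod, attach_fn tuner)
{
	int ret;

	chan->fe = NULL;
	chan->tuner_attached = 0;
	if (demod) {
		ret = demod(chan);
		if (ret < 0)
			return ret;
	}
	/* chan->fe is only compared here, never dereferenced; && short-circuits on NULL */
	if (chan->fe && tuner) {
		ret = tuner(chan);
		if (ret < 0)
			return ret;
	}
	return 0;
}
```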