On Tue, 2010-06-22 at 13:41 +0200, Jiri Slaby wrote:
> Stanse found that in ivtvfb_callback_cleanup there is an unneeded test
> for itv being NULL. But itv is initialized as container_of with
> non-zero offset, so it is never NULL (even if v4l2_dev is). This was
> found because itv is dereferenced earlier than the test.
>
> Signed-off-by: Jiri Slaby <jslaby@xxxxxxx>
> Cc: Andy Walls <awalls@xxxxxxxxxxxxxxxx>
> Cc: Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxx>
> Cc: Tejun Heo <tj@xxxxxxxxxx>
> Cc: Ian Armstrong <ian@xxxxxxxxxxxxxxxxxx>
> Cc: ivtv-devel@xxxxxxxxxxxxxx
> Cc: linux-media@xxxxxxxxxxxxxxx
> ---
> drivers/media/video/ivtv/ivtvfb.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/media/video/ivtv/ivtvfb.c b/drivers/media/video/ivtv/ivtvfb.c
> index 9ff3425..5dc460e 100644
> --- a/drivers/media/video/ivtv/ivtvfb.c
> +++ b/drivers/media/video/ivtv/ivtvfb.c
> @@ -1219,7 +1219,7 @@ static int ivtvfb_callback_cleanup(struct device *dev, void *p)
> struct ivtv *itv = container_of(v4l2_dev, struct ivtv, v4l2_dev);
> struct osd_info *oi = itv->osd_info;
>
> - if (itv && (itv->v4l2_cap & V4L2_CAP_VIDEO_OUTPUT)) {
> + if (itv->v4l2_cap & V4L2_CAP_VIDEO_OUTPUT) {
> if (unregister_framebuffer(&itv->osd_info->ivtvfb_info)) {
> IVTVFB_WARN("Framebuffer %d is in use, cannot unload\n",
> itv->instance);
Jiri,
You missed an identical instance of the useless test 10 lines prior in
ivtvfb_callback_init(). :)
How about the patch below, instead?
Regards,
Andy
[PATCH] VIDEO: ivtvfb, fix NULL check
Jiri Slaby reported that stanse found ivtvfb_callback_cleanup has an
unneeded test for itv being NULL. itv was initialized as container_of
with non-zero offset, so it was never NULL (even if v4l2_dev was).
This fix now checks for v4l2_dev being NULL, and not itv.
Thanks to Jiri Slaby for reporting this problem and providing an initial
patch.
Reported-by: Jiri Slaby <jslaby@xxxxxxx>
Signed-off-by: Andy Walls <awalls@xxxxxxxxxxxxxxxx>
Cc: Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxx>
Cc: Tejun Heo <tj@xxxxxxxxxx>
Cc: Ian Armstrong <ian@xxxxxxxxxxxxxxxxxx>
Cc: ivtv-devel@xxxxxxxxxxxxxx
Cc: linux-media@xxxxxxxxxxxxxxx
drivers/media/video/ivtv/ivtvfb.c | 21 ++++++++++++++++-----
1 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/drivers/media/video/ivtv/ivtvfb.c b/drivers/media/video/ivtv/ivtvfb
index 9ff3425..2b3259c 100644
--- a/drivers/media/video/ivtv/ivtvfb.c
+++ b/drivers/media/video/ivtv/ivtvfb.c
@@ -1201,9 +1201,14 @@ static int ivtvfb_init_card(struct ivtv *itv)
static int __init ivtvfb_callback_init(struct device *dev, void *p)
{
struct v4l2_device *v4l2_dev = dev_get_drvdata(dev);
- struct ivtv *itv = container_of(v4l2_dev, struct ivtv, v4l2_dev);
+ struct ivtv *itv;
- if (itv && (itv->v4l2_cap & V4L2_CAP_VIDEO_OUTPUT)) {
+ if (v4l2_dev == NULL)
+ return 0;
+
+ itv = container_of(v4l2_dev, struct ivtv, v4l2_dev);
+
+ if (itv->v4l2_cap & V4L2_CAP_VIDEO_OUTPUT) {
if (ivtvfb_init_card(itv) == 0) {
IVTVFB_INFO("Framebuffer registered on %s\n",
itv->v4l2_dev.name);
@@ -1216,10 +1221,16 @@ static int __init ivtvfb_callback_init(struct device *de
static int ivtvfb_callback_cleanup(struct device *dev, void *p)
{
struct v4l2_device *v4l2_dev = dev_get_drvdata(dev);
- struct ivtv *itv = container_of(v4l2_dev, struct ivtv, v4l2_dev);
- struct osd_info *oi = itv->osd_info;
+ struct ivtv *itv;
+ struct osd_info *oi;
+
+ if (v4l2_dev == NULL)
+ return 0;
+
+ itv = container_of(v4l2_dev, struct ivtv, v4l2_dev);
+ oi = itv->osd_info;
- if (itv && (itv->v4l2_cap & V4L2_CAP_VIDEO_OUTPUT)) {
+ if (itv->v4l2_cap & V4L2_CAP_VIDEO_OUTPUT) {
if (unregister_framebuffer(&itv->osd_info->ivtvfb_info)) {
IVTVFB_WARN("Framebuffer %d is in use, cannot unload\n",
itv->instance);
--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
