Hi Liu,
Thank you for the patch.
On Wednesday 30 April 2014 12:25:21 Liu Ying wrote:
> The pointer 'sd->v4l2_dev' is likely to be NULL and dereferenced in the
> subdev unregister path. The issue should happen if CONFIG_MEDIA_CONTROLLER
> is defined.
>
> This patch fixes the issue by setting the pointer to be NULL after it will
> not be derefereneced any more in the path.
I'm not sure to understand the problem. Where do you see sd->v4l2_dev being
(potentially) dereferenced after being set to NULL ?
> Cc: Mauro Carvalho Chehab <m.chehab@xxxxxxxxxxx>
> Cc: Andrzej Hajda <a.hajda@xxxxxxxxxxx>
> Cc: Laurent Pinchart <laurent.pinchart@xxxxxxxxxxxxxxxx>
> Cc: Sakari Ailus <sakari.ailus@xxxxxx>
> Cc: Sylwester Nawrocki <s.nawrocki@xxxxxxxxxxx>
> Cc: Hans Verkuil <hans.verkuil@xxxxxxxxx>
> Cc: linux-media@xxxxxxxxxxxxxxx
> Signed-off-by: Liu Ying <Ying.Liu@xxxxxxxxxxxxx>
> ---
> drivers/media/v4l2-core/v4l2-device.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/media/v4l2-core/v4l2-device.c
> b/drivers/media/v4l2-core/v4l2-device.c index 02d1b63..d98d96f 100644
> --- a/drivers/media/v4l2-core/v4l2-device.c
> +++ b/drivers/media/v4l2-core/v4l2-device.c
> @@ -271,7 +271,6 @@ void v4l2_device_unregister_subdev(struct v4l2_subdev
> *sd)
>
> if (sd->internal_ops && sd->internal_ops->unregistered)
> sd->internal_ops->unregistered(sd);
> - sd->v4l2_dev = NULL;
>
> #if defined(CONFIG_MEDIA_CONTROLLER)
> if (v4l2_dev->mdev) {
> @@ -279,6 +278,7 @@ void v4l2_device_unregister_subdev(struct v4l2_subdev
> *sd) media_device_unregister_entity(&sd->entity);
> }
> #endif
> + v4l2_dev = NULL;
> video_unregister_device(sd->devnode);
> module_put(sd->owner);
> }
--
Regards,
Laurent Pinchart
--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
