From 161653daccfd120c87b56249ac18d81e05b01ddd Mon Sep 17 00:00:00 2001 From: Mauro Carvalho Chehab Date: Fri, 5 Oct 2007 12:26:27 -0700 Subject: V4L: videobuf-core.c avoid NULL dereferences in videobuf-core From: Brandon Philips The return value of videobuf_alloc() is unchecked but this function will return NULL on an error. Check for NULL and make videobuf_reqbufs() return the number of successfully allocated buffers. Also, fix saa7146_video.c and bttv-driver.c to use this returned buffer count. Tested against the vivi driver. Not tested against saa7146 or bt8xx devices. Signed-off-by: Brandon Philips Signed-off-by: Mauro Carvalho Chehab --- linux/drivers/media/common/saa7146_video.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'linux/drivers/media/common/saa7146_video.c') diff --git a/linux/drivers/media/common/saa7146_video.c b/linux/drivers/media/common/saa7146_video.c index c2624b363..67d79a081 100644 --- a/linux/drivers/media/common/saa7146_video.c +++ b/linux/drivers/media/common/saa7146_video.c @@ -1213,6 +1213,8 @@ int saa7146_video_do_ioctl(struct inode *inode, struct file *file, unsigned int mutex_unlock(&q->lock); return err; } + + gbuffers = err; memset(mbuf,0,sizeof(*mbuf)); mbuf->frames = gbuffers; mbuf->size = gbuffers * gbufsize; -- cgit v1.2.3