From patchwork Wed Sep 15 12:57:10 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brian Rogers X-Patchwork-Id: 182522 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter1.kernel.org (8.14.4/8.14.3) with ESMTP id o8FCvDAV010145 for ; Wed, 15 Sep 2010 12:57:13 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752964Ab0IOM5M (ORCPT ); Wed, 15 Sep 2010 08:57:12 -0400 Received: from qmta02.emeryville.ca.mail.comcast.net ([76.96.30.24]:56983 "EHLO qmta02.emeryville.ca.mail.comcast.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752923Ab0IOM5M (ORCPT ); Wed, 15 Sep 2010 08:57:12 -0400 Received: from omta24.emeryville.ca.mail.comcast.net ([76.96.30.92]) by qmta02.emeryville.ca.mail.comcast.net with comcast id 70cZ1f0031zF43QA20xBKQ; Wed, 15 Sep 2010 12:57:11 +0000 Received: from [192.168.0.3] ([71.236.132.121]) by omta24.emeryville.ca.mail.comcast.net with comcast id 70xA1f0072dJgfb8k0xAo0; Wed, 15 Sep 2010 12:57:11 +0000 Message-ID: <4C90C2A6.1010408@xyzw.org> Date: Wed, 15 Sep 2010 05:57:10 -0700 From: Brian Rogers User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100903 Thunderbird/3.1.3 MIME-Version: 1.0 To: Jarod Wilson CC: =?ISO-8859-1?Q?David_H=E4rdeman?= , jarod@wilsonet.com, linux-media@vger.kernel.org, mchehab@redhat.com, linux-input@vger.kernel.org Subject: [PATCH] ir-core: Fix null dereferences in the protocols sysfs interface References: <20100613202718.6044.29599.stgit@localhost.localdomain> <20100613202930.6044.97940.stgit@localhost.localdomain> <4C8797D3.1060606@xyzw.org> <20100908141613.GB22323@redhat.com> In-Reply-To: <20100908141613.GB22323@redhat.com> Sender: linux-input-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-input@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.3 (demeter1.kernel.org [140.211.167.41]); Wed, 15 Sep 2010 12:57:13 +0000 (UTC) From 7937051c5e2c8b5b0410172d48e62d54bd1906ee Mon Sep 17 00:00:00 2001 From: Brian Rogers Date: Wed, 8 Sep 2010 05:33:34 -0700 Subject: [PATCH] ir-core: Fix null dereferences in the protocols sysfs interface For some cards, ir_dev->props and ir_dev->raw are both NULL. These cards are using built-in IR decoding instead of raw, and can't easily be made to switch protocols. So upon reading /sys/class/rc/rc?/protocols on such a card, return 'builtin' as the supported and enabled protocol. Return -EINVAL on any attempts to change the protocol. And most important of all, don't crash. Signed-off-by: Brian Rogers --- drivers/media/IR/ir-sysfs.c | 17 +++++++++++------ 1 files changed, 11 insertions(+), 6 deletions(-) diff --git a/drivers/media/IR/ir-sysfs.c b/drivers/media/IR/ir-sysfs.c index 96dafc4..46d4246 100644 --- a/drivers/media/IR/ir-sysfs.c +++ b/drivers/media/IR/ir-sysfs.c @@ -67,13 +67,14 @@ static ssize_t show_protocols(struct device *d, char *tmp = buf; int i; - if (ir_dev->props->driver_type == RC_DRIVER_SCANCODE) { + if (ir_dev->props && ir_dev->props->driver_type == RC_DRIVER_SCANCODE) { enabled = ir_dev->rc_tab.ir_type; allowed = ir_dev->props->allowed_protos; - } else { + } else if (ir_dev->raw) { enabled = ir_dev->raw->enabled_protocols; allowed = ir_raw_get_allowed_protocols(); - } + } else + return sprintf(tmp, "[builtin]\n"); IR_dprintk(1, "allowed - 0x%llx, enabled - 0x%llx\n", (long long)allowed, @@ -121,10 +122,14 @@ static ssize_t store_protocols(struct device *d, int rc, i, count = 0; unsigned long flags; - if (ir_dev->props->driver_type == RC_DRIVER_SCANCODE) + if (ir_dev->props && ir_dev->props->driver_type == RC_DRIVER_SCANCODE) type = ir_dev->rc_tab.ir_type; - else + else if (ir_dev->raw) type = ir_dev->raw->enabled_protocols; + else { + IR_dprintk(1, "Protocol switching not supported\n"); + return -EINVAL; + } while ((tmp = strsep((char **) &data, " \n")) != NULL) { if (!*tmp) @@ -185,7 +190,7 @@ static ssize_t store_protocols(struct device *d, } } - if (ir_dev->props->driver_type == RC_DRIVER_SCANCODE) { + if (ir_dev->props && ir_dev->props->driver_type == RC_DRIVER_SCANCODE) { spin_lock_irqsave(&ir_dev->rc_tab.lock, flags); ir_dev->rc_tab.ir_type = type; spin_unlock_irqrestore(&ir_dev->rc_tab.lock, flags); -- 1.7.1