From patchwork Tue Apr 12 18:48:23 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jarod Wilson
X-Patchwork-Id: 701601
From: Jarod Wilson
To: linux-media@vger.kernel.org
Cc: Jarod Wilson , Dan Carpenter , Dmitri Belimov , devel@driverdev.osuosl.org
Subject: [PATCH v2] tm6000: fix vbuf may be used uninitialized
Date: Tue, 12 Apr 2011 14:48:23 -0400
Message-Id: <1302634103-9328-1-git-send-email-jarod@redhat.com>
In-Reply-To: <1300997220-4354-1-git-send-email-jarod@redhat.com>
References: <1300997220-4354-1-git-send-email-jarod@redhat.com>
X-Scanned-By: MIMEDefang 2.67 on 10.5.11.11
Sender: linux-media-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-media@vger.kernel.org
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.6 (demeter1.kernel.org [140.211.167.41]); Tue, 12 Apr 2011 18:48:50 +0000 (UTC)

In commit 8aff8ba95155df, most of the manipulations to vbuf inside
copy_streams were gated on if !dev->radio, but one place that touches
vbuf lies outside those gates -- a memcpy if vbuf isn't NULL. If we
initialize vbuf to NULL, that memcpy will never happen in the case where
we do have dev->radio, and otherwise, in the !dev->radio case, the code
behaves exactly like it did prior to 8aff8ba95155df.

While we're at it, also fix an incorrectly indented closing brace for
one of the sections touching vbuf that is conditional on !dev->radio.

v2: add a detailed commit log and fix that brace

CC: Dan Carpenter
CC: Dmitri Belimov
CC: devel@driverdev.osuosl.org
Signed-off-by: Jarod Wilson
---
 drivers/staging/tm6000/tm6000-video.c | 4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/tm6000/tm6000-video.c b/drivers/staging/tm6000/tm6000-video.c
index c80a316..8b971a0 100644
--- a/drivers/staging/tm6000/tm6000-video.c
+++ b/drivers/staging/tm6000/tm6000-video.c
@@ -228,7 +228,7 @@ static int copy_streams(u8 *data, unsigned long len, unsigned long header = 0; int rc = 0; unsigned int cmd, cpysize, pktsize, size, field, block, line, pos = 0; - struct tm6000_buffer *vbuf; + struct tm6000_buffer *vbuf = NULL; char *voutp = NULL; unsigned int linewidth; @@ -318,7 +318,7 @@ static int copy_streams(u8 *data, unsigned long len, if (pos + size > vbuf->vb.size) cmd = TM6000_URB_MSG_ERR; dev->isoc_ctl.vfield = field; - } + } break; case TM6000_URB_MSG_VBI: break;
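
Review bot: in the first hunk (@@ -228,7 +228,7 @@), `struct tm6000_buffer *vbuf = NULL;` silences the warning by turning the uninitialized case into an implicit contract: NULL now means "radio mode, no buffer", and every use of vbuf outside the !dev->radio gates has to test for it. Nothing in the visible lines records that contract. Suggest a short comment at the declaration saying vbuf stays NULL when dev->radio is set, or gating the memcpy the commit message mentions on !dev->radio like the other vbuf accesses, so the intent is explicit rather than carried by the pointer value.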
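
Review bot: in the second hunk (@@ -318,7 +318,7 @@), the context line `if (pos + size > vbuf->vb.size)` dereferences vbuf with no NULL test in the visible lines, and after this patch vbuf starts out NULL. The commit message says this section is conditional on !dev->radio, but the gate itself is outside the hunk, so please confirm vbuf is always assigned before this line is reached; a path that misses the assignment is now a NULL pointer dereference rather than a compiler warning. The brace re-indent is whitespace-only and unrelated to the fix, and would be easier to review and backport as a separate patch.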