Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp574526ybl; Fri, 24 Jan 2020 05:47:04 -0800 (PST) X-Google-Smtp-Source: APXvYqz1RgreRdC7zTJeAlL1Ig3uy+MNab1LVe9R8Dk4LOzWG9etU+18nJHmwbVI7Nrazdluozop X-Received: by 2002:aca:d787:: with SMTP id o129mr2077824oig.75.1579873624018; Fri, 24 Jan 2020 05:47:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1579873624; cv=none; d=google.com; s=arc-20160816; b=YctJ/TFrZcGgyAdMI+u0eBoWXMTtYZ0fJC4m85S8tIH3w9mhgVF0knzwran+gS3x1h cVO9eXXlpV21sd/NyBZuIp+3+TQvAaxXHXwR6+9RyJwxS7aqQt4g5Y+28390g2H7IbGR U/SeWHrk7/unwQVel3K8EvuCNz8Y7KL2QYLPKm5e9gJyRNgXUAyQdQ2YGUEvix4hoEVT aydTbqZSYlR637n7CFyLVqMEdb3ikFbACAZndcBQ4/COdB9A2XS4riH3/EaneP6Hgy29 5GuJYuNzfOuhCVjGnRenTJV8FuF4SASttHi6ry9kCJ0faeXOOjK8KzgkniAj0R6hlYK4 1qzw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=03qg0AiW0eVGKjnnDoGE7rr1K6e5BXyZHji+d+P53fg=; b=0qM0aFzH2DyI+7aAIo0onpqq72DTcG5jZSJLmkqh33PTnuK8XF5vzur2/BTe2Z/f92 NGPW+cifzdsZrC+oFjR3b6njnvlQQeZ3U79we+I3OwGIHI5dINfGZPBQOg17M8j23pMM I1zq4hgii+N8QWh7HIIcSGmje4tH6KiRpZ4fcCOLb3Q/qU7yow5cBfYTGy5mSdfNuuaN U8KtIm+4K6bHclqvlTNSgLEZIzuI+iq/XWGKnIZ9vOfQirDLsVxA8ZIV7uF5NxpwoL+Z L2pHnAawCXg33BTc6qbzoi+klaaIdWybODi0f7GjUzamOU0inliO54/j/L/bnxnEN2gU o9NQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=yLY4CAJi; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e1si3034925otj.276.2020.01.24.05.46.51; Fri, 24 Jan 2020 05:47:03 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=yLY4CAJi; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388495AbgAXJ4E (ORCPT + 99 others); Fri, 24 Jan 2020 04:56:04 -0500 Received: from mail.kernel.org ([198.145.29.99]:59710 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731830AbgAXJ4E (ORCPT ); Fri, 24 Jan 2020 04:56:04 -0500 Received: from localhost (unknown [145.15.244.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 8040A20718; Fri, 24 Jan 2020 09:56:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1579859763; bh=ZgCg7PwdWQQ51VpUPtQrqvjOkoDFiL+F8qHs3fwrhZw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=yLY4CAJidnsgwumtYMCTrilncvprKB3+9l6kH3M7B0SuK+4r/LQccEnCOR1ku1m7c IzSIbN9TgLFhI7wGIj6g1IBBE545GbBnufHgCGDPkavaifdQFpYgVLOstSrVmru92g zXfFmrQMa7HWfv/IoN+0MAP4XG2q030csJhAtTNY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, YueHaibing , Hans Verkuil , Mauro Carvalho Chehab , Sasha Levin Subject: [PATCH 4.14 155/343] media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame Date: Fri, 24 Jan 2020 10:29:33 +0100 Message-Id: <20200124092940.367465716@linuxfoundation.org> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200124092919.490687572@linuxfoundation.org> References: <20200124092919.490687572@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: YueHaibing [ Upstream commit 2e7682ebfc750177a4944eeb56e97a3f05734528 ] 'vb' null check should be done before dereferencing it in tw5864_handle_frame, otherwise a NULL pointer dereference may occur. Fixes: 34d1324edd31 ("[media] pci: Add tw5864 driver") Signed-off-by: YueHaibing Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Sasha Levin --- drivers/media/pci/tw5864/tw5864-video.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/media/pci/tw5864/tw5864-video.c b/drivers/media/pci/tw5864/tw5864-video.c index e7bd2b8484e3d..ee1230440b397 100644 --- a/drivers/media/pci/tw5864/tw5864-video.c +++ b/drivers/media/pci/tw5864/tw5864-video.c @@ -1395,13 +1395,13 @@ static void tw5864_handle_frame(struct tw5864_h264_frame *frame) input->vb = NULL; spin_unlock_irqrestore(&input->slock, flags); - v4l2_buf = to_vb2_v4l2_buffer(&vb->vb.vb2_buf); - if (!vb) { /* Gone because of disabling */ dev_dbg(&dev->pci->dev, "vb is empty, dropping frame\n"); return; } + v4l2_buf = to_vb2_v4l2_buffer(&vb->vb.vb2_buf); + /* * Check for space. * Mind the overhead of startcode emulation prevention. -- 2.20.1