From c37396c19403e249f12626187d51e92c915f2bc9 Mon Sep 17 00:00:00 2001 From: Jean Delvare <khali@linux-fr.org> Date: Sun, 7 Sep 2008 13:47:03 -0300 Subject: [PATCH] V4L/DVB (8955): bttv: Prevent NULL pointer dereference in radio_open Fix the following crash in the bttv driver: BUG: unable to handle kernel NULL pointer dereference at 000000000000036c IP: [<ffffffffa037860a>] radio_open+0x3a/0x170 [bttv] This happens because radio_open assumes that all present bttv devices have a radio function. If a bttv device without radio and one with radio are installed on the same system, and the one without radio is registered first, then radio_open checks for the radio device number of a bttv device that has no radio function, and this breaks. All we have to do to fix it is to skip bttv devices without a radio function. Signed-off-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com> --- drivers/media/video/bt8xx/bttv-driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/video/bt8xx/bttv-driver.c b/drivers/media/video/bt8xx/bttv-driver.c index 6ae4cc860efe..933eaef41ead 100644 --- a/drivers/media/video/bt8xx/bttv-driver.c +++ b/drivers/media/video/bt8xx/bttv-driver.c @@ -3431,7 +3431,7 @@ static int radio_open(struct inode *inode, struct file *file) dprintk("bttv: open minor=%d\n",minor); for (i = 0; i < bttv_num; i++) { - if (bttvs[i].radio_dev->minor == minor) { + if (bttvs[i].radio_dev && bttvs[i].radio_dev->minor == minor) { btv = &bttvs[i]; break; } -- 2.30.2