projects / openwrt / staging / blogic.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6339204)
V4L/DVB: Fix the risk of an oops at dvb_dmx_release
authorMauro Carvalho Chehab <[email protected]>
Mon, 1 Feb 2010 13:35:22 +0000 (10:35 -0300)
committerMauro Carvalho Chehab <[email protected]>
Mon, 8 Feb 2010 12:45:24 +0000 (10:45 -0200)
dvb_dmx_init tries to allocate virtual memory for 2 pointers: filter and feed.

If the second vmalloc fails, filter is freed, but the pointer keeps pointing
to the old place. Later, when dvb_dmx_release() is called, it will try to
free an already freed memory, causing an OOPS.

Reviewed-by: Andy Walls <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
drivers/media/dvb/dvb-core/dvb_demux.c patch | blob | history

diff --git a/drivers/media/dvb/dvb-core/dvb_demux.c b/drivers/media/dvb/dvb-core/dvb_demux.c
index b78cfb7d1897dcb956508f034cdfffb1e5af3174..a78408e76e7548a9b15a00344536c0393cf2f540 100644 (file)
--- a/drivers/media/dvb/dvb-core/dvb_demux.c
+++ b/drivers/media/dvb/dvb-core/dvb_demux.c
@@ -1246,6 +1246,7 @@ int dvb_dmx_init(struct dvb_demux *dvbdemux)
        dvbdemux->feed = vmalloc(dvbdemux->feednum * sizeof(struct dvb_demux_feed));
        if (!dvbdemux->feed) {
                vfree(dvbdemux->filter);
+               dvbdemux->filter = NULL;
                return -ENOMEM;
        }
        for (i = 0; i < dvbdemux->filternum; i++) {
John Crispins staging tree