BUG: cx23885_video_register() uninitialized value passed to v4l2_subdev

All of lore.kernel.org
 help / color / mirror / Atom feed

* BUG: cx23885_video_register() uninitialized value passed to v4l2_subdev_call()
@ 2009-10-01  7:06 David T. L. Wong
  2009-10-01 13:41 ` Steven Toth
  0 siblings, 1 reply; 2+ messages in thread
From: David T. L. Wong @ 2009-10-01  7:06 UTC (permalink / raw)
  To: linux-media

Hi all,

   A potential bug is found in cx23885_video_register().

   A tuner_setup struct is passed to v4l2_subdev_call(),
but that struct is not fully initialized, especially for tuner_callback 
member, and eventually tuner_s_type_addr() copy that wrong pointer.
It would particularly cause seg. fault for xc5000 tuner for analog 
frontend when it calls fe->callback at xc5000_TunerReset().

Regards,
David T.L. Wong

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: BUG: cx23885_video_register() uninitialized value passed to v4l2_subdev_call()
  2009-10-01  7:06 BUG: cx23885_video_register() uninitialized value passed to v4l2_subdev_call() David T. L. Wong
@ 2009-10-01 13:41 ` Steven Toth
  0 siblings, 0 replies; 2+ messages in thread
From: Steven Toth @ 2009-10-01 13:41 UTC (permalink / raw)
  To: David T. L. Wong; +Cc: linux-media

On 10/1/09 3:06 AM, David T. L. Wong wrote:
> Hi all,
>
> A potential bug is found in cx23885_video_register().
>
> A tuner_setup struct is passed to v4l2_subdev_call(),
> but that struct is not fully initialized, especially for tuner_callback
> member, and eventually tuner_s_type_addr() copy that wrong pointer.
> It would particularly cause seg. fault for xc5000 tuner for analog
> frontend when it calls fe->callback at xc5000_TunerReset().

Thanks for raising this.

I also discovered this last Saturday. I have a patch for this which I expect to 
merge shortly.

Regards,

Steve

-- 
Steven Toth - Kernel Labs
http://www.kernellabs.com

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2009-10-01 13:41 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-10-01  7:06 BUG: cx23885_video_register() uninitialized value passed to v4l2_subdev_call() David T. L. Wong
2009-10-01 13:41 ` Steven Toth

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.