linux-media.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] [media] cx231xx: cx231xx_uninit_bulk attempts to reference and free isoc_ctl instead of bulk_ctl
@ 2014-09-29 18:41 Luke Suchocki
  0 siblings, 0 replies; only message in thread
From: Luke Suchocki @ 2014-09-29 18:41 UTC (permalink / raw)
  To: m.chehab; +Cc: linux-media


cx231xx_uninit_bulk() checks that
dev->video_mode.bulk_ctl.transfer_buffer[i] is not NULL, but then calls
usb_free_cohert() with dev->video_mode.isoc_ctl.transfer_buffer[i]
resulting in "BUG: unable to handle NULL pointer dereference" when
closing stream; most likely a cut-and-paste slip from previous
uninit_isoc function.

This will present itself when cx231xx.ko is loaded with
"transfer_mode=0" (USB bulk transfers).

Signed-off-by: Luke Suchocki <kernel@suchocki.net>

--- a/drivers/media/usb/cx231xx/cx231xx-core.c  2014-09-29
13:06:52.006326612 -0500
+++ b/drivers/media/usb/cx231xx/cx231xx-core.c  2014-09-29
13:10:46.796695980 -0500
@@ -943,7 +943,7 @@ void cx231xx_uninit_bulk(struct cx231xx
                        if (dev->video_mode.bulk_ctl.transfer_buffer[i])
{
                                usb_free_coherent(dev->udev,

urb->transfer_buffer_length,
-
dev->video_mode.isoc_ctl.
+
dev->video_mode.bulk_ctl.
                                                transfer_buffer[i],
                                                urb->transfer_dma);




^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2014-09-29 18:44 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-09-29 18:41 [PATCH] [media] cx231xx: cx231xx_uninit_bulk attempts to reference and free isoc_ctl instead of bulk_ctl Luke Suchocki

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).