From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mail-bw0-f46.google.com ([209.85.214.46]:49571 "EHLO mail-bw0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755033Ab1DODBx (ORCPT ); Thu, 14 Apr 2011 23:01:53 -0400 Received: by bwz15 with SMTP id 15so1873807bwz.19 for ; Thu, 14 Apr 2011 20:01:52 -0700 (PDT) Date: Fri, 15 Apr 2011 12:04:01 +1000 From: Dmitri Belimov To: Jarod Wilson Cc: linux-media@vger.kernel.org, Dan Carpenter , devel@driverdev.osuosl.org Subject: Re: [PATCH v2] tm6000: fix vbuf may be used uninitialized Message-ID: <20110415120401.61742c82@glory.local> In-Reply-To: <1302634103-9328-1-git-send-email-jarod@redhat.com> References: <1300997220-4354-1-git-send-email-jarod@redhat.com> <1302634103-9328-1-git-send-email-jarod@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit List-ID: Sender: Hi I think it's good. No regression, all works well. With my best regards, Dmitry. > In commit 8aff8ba95155df, most of the manipulations to vbuf inside > copy_streams were gated on if !dev->radio, but one place that touches > vbuf lays outside those gates -- a memcpy of vbuf isn't NULL. If we > initialize vbuf to NULL, that memcpy will never happen in the case > where we do have dev->radio, and otherwise, in the !dev->radio case, > the code behaves exactly like it did prior to 8aff8ba95155df. > > While we're at it, also fix an incorrectly indented closing brace for > one of the sections touching vbuf that is conditional on !dev->radio. > > v2: add a detailed commit log and fix that brace > > CC: Dan Carpenter > CC: Dmitri Belimov > CC: devel@driverdev.osuosl.org > Signed-off-by: Jarod Wilson > --- > drivers/staging/tm6000/tm6000-video.c | 4 ++-- > 1 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/staging/tm6000/tm6000-video.c > b/drivers/staging/tm6000/tm6000-video.c index c80a316..8b971a0 100644 > --- a/drivers/staging/tm6000/tm6000-video.c > +++ b/drivers/staging/tm6000/tm6000-video.c > @@ -228,7 +228,7 @@ static int copy_streams(u8 *data, unsigned long > len, unsigned long header = 0; > int rc = 0; > unsigned int cmd, cpysize, pktsize, size, field, block, > line, pos = 0; > - struct tm6000_buffer *vbuf; > + struct tm6000_buffer *vbuf = NULL; > char *voutp = NULL; > unsigned int linewidth; > > @@ -318,7 +318,7 @@ static int copy_streams(u8 *data, unsigned long > len, if (pos + size > vbuf->vb.size) > cmd = > TM6000_URB_MSG_ERR; dev->isoc_ctl.vfield = field; > - } > + } > break; > case TM6000_URB_MSG_VBI: > break; > -- > 1.7.1 >