mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/drivers/media/tuners
History
Wang Hai 6e8a52d0ce media: msi001: fix possible null-ptr-deref in msi001_probe() 
[ Upstream commit 3d5831a40d ]

I got a null-ptr-deref report:

BUG: kernel NULL pointer dereference, address: 0000000000000060
...
RIP: 0010:v4l2_ctrl_auto_cluster+0x57/0x270
...
Call Trace:
 msi001_probe+0x13b/0x24b [msi001]
 spi_probe+0xeb/0x130
...
 do_syscall_64+0x35/0xb0

In msi001_probe(), if the creation of control for bandwidth_auto
fails, there will be a null-ptr-deref issue when it is used in
v4l2_ctrl_auto_cluster().

Check dev->hdl.error before v4l2_ctrl_auto_cluster() to fix this bug.

Link: https://lore.kernel.org/linux-media/20211026112348.2878040-1-wanghai38@huawei.com
Fixes: 93203dd6c7 ("[media] msi001: Mirics MSi001 silicon tuner driver")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wang Hai <wanghai38@huawei.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2022-01-27 09:00:50 +01:00
..
Kconfig
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
e4000.c
e4000.h
e4000_priv.h
fc001x-common.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
fc0011.c media: tw5864, fc0011: better handle WARN_ON() 2017-06-24 16:19:27 -03:00
fc0011.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fc0012-priv.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
fc0012.c media: fc001[23]: make const gain table arrays static 2017-07-19 15:12:39 -04:00
fc0012.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
fc0013-priv.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
fc0013.c media: fc001[23]: make const gain table arrays static 2017-07-19 15:12:39 -04:00
fc0013.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
fc2580.c
fc2580.h
fc2580_priv.h
it913x.c [media] it913x: add chip device ids for binding 2017-01-31 10:50:34 -02:00
it913x.h [media] it913x: add chip device ids for binding 2017-01-31 10:50:34 -02:00
m88rs6000t.c media: m88rs6000t: avoid potential out-of-bounds reads on arrays 2021-05-22 10:57:30 +02:00
m88rs6000t.h
max2165.c [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
max2165.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
max2165_priv.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
mc44s803.c [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
mc44s803.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
mc44s803_priv.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
msi001.c media: msi001: fix possible null-ptr-deref in msi001_probe() 2022-01-27 09:00:50 +01:00
mt20xx.c Revert "[media] dvb_frontend: merge duplicate dvb_tuner_ops.release implementations" 2016-11-18 20:44:33 -02:00
mt20xx.h
mt2060.c media: dvb: i2c transfers over usb cannot be done from stack 2017-09-23 07:21:33 -04:00
mt2060.h [media] mt2060: add param to split long i2c writes 2017-02-03 06:44:03 -02:00
mt2060_priv.h [media] mt2060: implement sleep 2017-02-03 06:55:46 -02:00
mt2063.c [media] dvb_frontend: tuner_ops.release returns void 2016-11-18 15:07:26 -02:00
mt2063.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mt2131.c [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
mt2131.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
mt2131_priv.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
mt2266.c Revert "[media] dvb_frontend: merge duplicate dvb_tuner_ops.release implementations" 2016-11-18 20:44:33 -02:00
mt2266.h
mxl301rf.c
mxl301rf.h
mxl5005s.c media: tuners: mxl5005s: remove useless variable assignments 2017-06-24 15:29:33 -03:00
mxl5005s.h treewide: remove redundant #include <linux/kconfig.h> 2016-10-11 15:06:33 -07:00
mxl5007t.c [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
mxl5007t.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
qm1d1c0042.c media: qm1d1c0042: fix error return code in qm1d1c0042_init() 2021-03-03 18:22:42 +01:00
qm1d1c0042.h
qt1010.c [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
qt1010.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
qt1010_priv.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
r820t.c media: r820t: fix r820t_write_reg for KASAN 2018-02-22 15:42:32 +01:00
r820t.h treewide: remove redundant #include <linux/kconfig.h> 2016-10-11 15:06:33 -07:00
si2157.c media: si2157: Fix "warm" tuner state detection 2022-01-27 09:00:50 +01:00
si2157.h treewide: remove redundant #include <linux/kconfig.h> 2016-10-11 15:06:33 -07:00
si2157_priv.h [media] si2157: Add support for Si2141-A10 2017-04-14 22:27:47 -03:00
tda827x.c [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
tda827x.h
tda8290.c [media] dvb: make DVB frontend *_ops instances "const" 2016-11-18 15:00:22 -02:00
tda8290.h
tda9887.c [media] dvb: make DVB frontend *_ops instances "const" 2016-11-18 15:00:22 -02:00
tda9887.h
tda18212.c
tda18212.h treewide: remove redundant #include <linux/kconfig.h> 2016-10-11 15:06:33 -07:00
tda18218.c [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
tda18218.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
tda18218_priv.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
tda18271-common.c [media] tuners: don't break long lines 2016-10-21 10:08:13 -02:00
tda18271-fe.c [media] media drivers: annotate fall-through 2017-05-19 07:10:03 -03:00
tda18271-maps.c media: tuners: make snd_pcm_hardware const 2017-08-20 08:05:25 -04:00
tda18271-priv.h
tda18271.h
tea5761.c Revert "[media] dvb_frontend: merge duplicate dvb_tuner_ops.release implementations" 2016-11-18 20:44:33 -02:00
tea5761.h
tea5767.c Revert "[media] dvb_frontend: merge duplicate dvb_tuner_ops.release implementations" 2016-11-18 20:44:33 -02:00
tea5767.h
tua9001.c
tua9001.h
tua9001_priv.h
tuner-i2c.h
tuner-simple.c media: tuner-simple: fix regression in simple_set_radio_freq 2020-10-29 09:07:01 +01:00
tuner-simple.h
tuner-types.c
tuner-xc2028-types.h
tuner-xc2028.c Merge branch 'patchwork' into v4l_for_linus 2016-12-15 08:38:35 -02:00
tuner-xc2028.h
xc4000.c [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
xc4000.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
xc5000.c [media] xc5000: Don't spin waiting for analog lock 2017-06-06 07:51:05 -03:00
xc5000.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00