harperchen 47e8b73bc3 media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() ... When the driver calls cx23885_risc_buffer() to prepare the buffer, the function call dma_alloc_coherent may fail, resulting in a empty buffer risc->cpu. Later when we free the buffer or access the buffer, null ptr deref is triggered. This bug is similar to the following one: https://git.linuxtv.org/media_stage.git/commit/?id=2b064d91440b33fba5b452f2d1b31f13ae911d71. We believe the bug can be also dynamically triggered from user side. Similarly, we fix this by checking the return value of cx23885_risc_buffer() and the value of risc->cpu before buffer free. Signed-off-by: harperchen <harperchen1110@gmail.com> Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>		2023-03-19 22:55:33 +01:00
..
altera-ci.c
altera-ci.h
cimax2.c
cimax2.h
cx23885-417.c
cx23885-alsa.c	media: cx23885: Fix snd_card_free call on null card pointer	2021-09-30 10:08:00 +02:00
cx23885-av.c
cx23885-av.h
cx23885-cards.c	media: xc2028: rename the driver from tuner-xc2028	2022-03-12 16:59:50 +01:00
cx23885-core.c	media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish()	2023-03-19 22:55:33 +01:00
cx23885-dvb.c	media: xc2028: rename the driver from tuner-xc2028	2022-03-12 16:59:50 +01:00
cx23885-f300.c
cx23885-f300.h
cx23885-i2c.c
cx23885-input.c	media: rc-core: rename ir_raw_event_reset to ir_raw_event_overflow	2022-01-28 19:32:50 +01:00
cx23885-input.h
cx23885-ioctl.c
cx23885-ioctl.h
cx23885-ir.c
cx23885-ir.h
cx23885-reg.h
cx23885-vbi.c
cx23885-video.c	media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish()	2023-03-19 22:55:33 +01:00
cx23885-video.h
cx23885.h	media: cx23885-alsa: number of pages should be unsigned long	2020-09-03 11:13:03 +02:00
cx23888-ir.c	media: pci/cx23885: fix repeated words in comments	2022-08-29 15:32:14 +02:00
cx23888-ir.h
Kconfig
Makefile
netup-eeprom.c
netup-eeprom.h
netup-init.c
netup-init.h