The pointer 'sd->v4l2_dev' is likely to be NULL and dereferenced in the subdev
unregister path. The issue should happen if CONFIG_MEDIA_CONTROLLER is defined.
This patch fixes the issue by setting the pointer to be NULL after it will not
be derefereneced any more in the path.
Cc: Mauro Carvalho Chehab <m.che...@samsung.com>
Cc: Andrzej Hajda <a.ha...@samsung.com>
Cc: Laurent Pinchart <laurent.pinch...@ideasonboard.com>
Cc: Sakari Ailus <sakari.ai...@iki.fi>
Cc: Sylwester Nawrocki <s.nawro...@samsung.com>
Cc: Hans Verkuil <hans.verk...@cisco.com>
Cc: linux-media@vger.kernel.org
Signed-off-by: Liu Ying <ying....@freescale.com>
---
drivers/media/v4l2-core/v4l2-device.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/v4l2-core/v4l2-device.c
b/drivers/media/v4l2-core/v4l2-device.c
index 02d1b63..d98d96f 100644
--- a/drivers/media/v4l2-core/v4l2-device.c
+++ b/drivers/media/v4l2-core/v4l2-device.c
@@ -271,7 +271,6 @@ void v4l2_device_unregister_subdev(struct v4l2_subdev *sd)
if (sd->internal_ops && sd->internal_ops->unregistered)
sd->internal_ops->unregistered(sd);
- sd->v4l2_dev = NULL;
#if defined(CONFIG_MEDIA_CONTROLLER)
if (v4l2_dev->mdev) {
@@ -279,6 +278,7 @@ void v4l2_device_unregister_subdev(struct v4l2_subdev *sd)
media_device_unregister_entity(&sd->entity);
}
#endif
+ v4l2_dev = NULL;
video_unregister_device(sd->devnode);
module_put(sd->owner);
}
--
1.7.9.5
--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
