add a v4l patch that was late to arrive

diff --git a/review-2.6.25/security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch b/review-2.6.25/security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch
new file mode 100644 (file)
index 0000000..bf3dbe4
--- /dev/null
+++ b/review-2.6.25/security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch
@@ -0,0 +1,34 @@
+From 5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1 Mon Sep 17 00:00:00 2001
+From: Arjan van de Ven <arjan@linux.intel.com>
+Date: Fri, 10 Oct 2008 21:16:12 -0700
+Subject: security: avoid calling a NULL function pointer in drivers/video/tvaudio.c
+
+From: Arjan van de Ven <arjan@linux.intel.com>
+
+commit 5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1 upstream
+
+NULL function pointers are very bad security wise. This one got caught by
+kerneloops.org quite a few times, so it's happening in the field....
+
+Fix is simple, check the function pointer for NULL, like 6 other places
+in the same function are already doing.
+
+Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/media/video/tvaudio.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/media/video/tvaudio.c
++++ b/drivers/media/video/tvaudio.c
+@@ -1804,7 +1804,7 @@ static int chip_command(struct i2c_clien
+               break;
+       case VIDIOC_S_FREQUENCY:
+               chip->mode = 0; /* automatic */
+-              if (desc->checkmode) {
++              if (desc->checkmode && desc->setmode) {
+                       desc->setmode(chip,V4L2_TUNER_MODE_MONO);
+                       if (chip->prevmode != V4L2_TUNER_MODE_MONO)
+                               chip->prevmode = -1; /* reset previous mode */

diff --git a/review-2.6.25/series b/review-2.6.25/series
index 10e424268e6f076ce5174b6f3adc7b44e34184da..5321fe5ddac8dc0ea91506d5def6fd62cb74be5b 100644 (file)
--- a/review-2.6.25/series
+++ b/review-2.6.25/series
@@ -12,3 +12,4 @@ v4l-bttv-prevent-null-pointer-dereference-in-radio_open.patch
 v4l-zr36067-fix-rgbr-pixel-format.patch
 drm-i915-fix-ioremap-of-a-user-address-for-non-root.patch
 x86-work-around-mtrr-mask-setting-v2.patch
+security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch

diff --git a/review-2.6.26/security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch b/review-2.6.26/security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch
new file mode 100644 (file)
index 0000000..c0000aa
--- /dev/null
+++ b/review-2.6.26/security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch
@@ -0,0 +1,34 @@
+From 5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1 Mon Sep 17 00:00:00 2001
+From: Arjan van de Ven <arjan@linux.intel.com>
+Date: Fri, 10 Oct 2008 21:16:12 -0700
+Subject: security: avoid calling a NULL function pointer in drivers/video/tvaudio.c
+
+From: Arjan van de Ven <arjan@linux.intel.com>
+
+commit 5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1 upstream
+
+NULL function pointers are very bad security wise. This one got caught by
+kerneloops.org quite a few times, so it's happening in the field....
+
+Fix is simple, check the function pointer for NULL, like 6 other places
+in the same function are already doing.
+
+Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/media/video/tvaudio.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/media/video/tvaudio.c
++++ b/drivers/media/video/tvaudio.c
+@@ -1805,7 +1805,7 @@ static int chip_command(struct i2c_clien
+               break;
+       case VIDIOC_S_FREQUENCY:
+               chip->mode = 0; /* automatic */
+-              if (desc->checkmode) {
++              if (desc->checkmode && desc->setmode) {
+                       desc->setmode(chip,V4L2_TUNER_MODE_MONO);
+                       if (chip->prevmode != V4L2_TUNER_MODE_MONO)
+                               chip->prevmode = -1; /* reset previous mode */

diff --git a/review-2.6.26/series b/review-2.6.26/series
index d8ef35fd83f7d65cd86a2e5d35dc77f40a2f4276..98f1b53245b1ec6821276f3ef3d2771ec53286e9 100644 (file)
--- a/review-2.6.26/series
+++ b/review-2.6.26/series
@@ -24,3 +24,4 @@ hwmon-prevent-power-off-on-shuttle-sn68pt.patch
 acpi-ignore-_bqc-object-when-registering-backlight-device.patch
 drm-i915-fix-ioremap-of-a-user-address-for-non-root.patch
 dvb-au0828-add-support-for-another-usb-id-for-hauppauge-hvr950q.patch
+security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch

diff --git a/review-2.6.27/security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch b/review-2.6.27/security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch
new file mode 100644 (file)
index 0000000..e2247bf
--- /dev/null
+++ b/review-2.6.27/security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch
@@ -0,0 +1,34 @@
+From 5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1 Mon Sep 17 00:00:00 2001
+From: Arjan van de Ven <arjan@linux.intel.com>
+Date: Fri, 10 Oct 2008 21:16:12 -0700
+Subject: security: avoid calling a NULL function pointer in drivers/video/tvaudio.c
+
+From: Arjan van de Ven <arjan@linux.intel.com>
+
+commit 5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1 upstream
+
+NULL function pointers are very bad security wise. This one got caught by
+kerneloops.org quite a few times, so it's happening in the field....
+
+Fix is simple, check the function pointer for NULL, like 6 other places
+in the same function are already doing.
+
+Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/media/video/tvaudio.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/media/video/tvaudio.c
++++ b/drivers/media/video/tvaudio.c
+@@ -1792,7 +1792,7 @@ static int chip_command(struct i2c_clien
+               break;
+       case VIDIOC_S_FREQUENCY:
+               chip->mode = 0; /* automatic */
+-              if (desc->checkmode) {
++              if (desc->checkmode && desc->setmode) {
+                       desc->setmode(chip,V4L2_TUNER_MODE_MONO);
+                       if (chip->prevmode != V4L2_TUNER_MODE_MONO)
+                               chip->prevmode = -1; /* reset previous mode */

diff --git a/review-2.6.27/series b/review-2.6.27/series
index b65aeeb1b0707d90cdf43355bbe349d0f524deea..17313cfd58ab0501d9f3dea73b059e24b72c0274 100644 (file)
--- a/review-2.6.27/series
+++ b/review-2.6.27/series
@@ -15,3 +15,4 @@ usb-musb_hdrc-build-fixes.patch
 drm-i915-fix-ioremap-of-a-user-address-for-non-root.patch
 dvb-au0828-add-support-for-another-usb-id-for-hauppauge-hvr950q.patch
 dvb-sms1xxx-support-two-new-revisions-of-the-hauppauge-wintv-ministick.patch
+security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch