From a6752ab43a8b9445f7c9a94f7ca758637b31d568 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@suse.de>
Date: Tue, 21 Oct 2008 15:49:34 -0700
Subject: [PATCH] add a v4l patch that was late to arrive

---
 ...n-pointer-in-drivers-video-tvaudio.c.patch | 34 +++++++++++++++++++
 review-2.6.25/series                          |  1 +
 ...n-pointer-in-drivers-video-tvaudio.c.patch | 34 +++++++++++++++++++
 review-2.6.26/series                          |  1 +
 ...n-pointer-in-drivers-video-tvaudio.c.patch | 34 +++++++++++++++++++
 review-2.6.27/series                          |  1 +
 6 files changed, 105 insertions(+)
 create mode 100644 review-2.6.25/security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch
 create mode 100644 review-2.6.26/security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch
 create mode 100644 review-2.6.27/security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch

diff --git a/review-2.6.25/security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch b/review-2.6.25/security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch
new file mode 100644
index 00000000000..bf3dbe48028
--- /dev/null
+++ b/review-2.6.25/security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch
@@ -0,0 +1,34 @@
+From 5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1 Mon Sep 17 00:00:00 2001
+From: Arjan van de Ven <arjan@linux.intel.com>
+Date: Fri, 10 Oct 2008 21:16:12 -0700
+Subject: security: avoid calling a NULL function pointer in drivers/video/tvaudio.c
+
+From: Arjan van de Ven <arjan@linux.intel.com>
+
+commit 5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1 upstream
+
+NULL function pointers are very bad security wise. This one got caught by
+kerneloops.org quite a few times, so it's happening in the field....
+
+Fix is simple, check the function pointer for NULL, like 6 other places
+in the same function are already doing.
+
+Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/media/video/tvaudio.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/media/video/tvaudio.c
++++ b/drivers/media/video/tvaudio.c
+@@ -1804,7 +1804,7 @@ static int chip_command(struct i2c_clien
+ 		break;
+ 	case VIDIOC_S_FREQUENCY:
+ 		chip->mode = 0; /* automatic */
+-		if (desc->checkmode) {
++		if (desc->checkmode && desc->setmode) {
+ 			desc->setmode(chip,V4L2_TUNER_MODE_MONO);
+ 			if (chip->prevmode != V4L2_TUNER_MODE_MONO)
+ 				chip->prevmode = -1; /* reset previous mode */
diff --git a/review-2.6.25/series b/review-2.6.25/series
index 10e424268e6..5321fe5ddac 100644
--- a/review-2.6.25/series
+++ b/review-2.6.25/series
@@ -12,3 +12,4 @@ v4l-bttv-prevent-null-pointer-dereference-in-radio_open.patch
 v4l-zr36067-fix-rgbr-pixel-format.patch
 drm-i915-fix-ioremap-of-a-user-address-for-non-root.patch
 x86-work-around-mtrr-mask-setting-v2.patch
+security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch
diff --git a/review-2.6.26/security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch b/review-2.6.26/security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch
new file mode 100644
index 00000000000..c0000aace6c
--- /dev/null
+++ b/review-2.6.26/security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch
@@ -0,0 +1,34 @@
+From 5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1 Mon Sep 17 00:00:00 2001
+From: Arjan van de Ven <arjan@linux.intel.com>
+Date: Fri, 10 Oct 2008 21:16:12 -0700
+Subject: security: avoid calling a NULL function pointer in drivers/video/tvaudio.c
+
+From: Arjan van de Ven <arjan@linux.intel.com>
+
+commit 5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1 upstream
+
+NULL function pointers are very bad security wise. This one got caught by
+kerneloops.org quite a few times, so it's happening in the field....
+
+Fix is simple, check the function pointer for NULL, like 6 other places
+in the same function are already doing.
+
+Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/media/video/tvaudio.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/media/video/tvaudio.c
++++ b/drivers/media/video/tvaudio.c
+@@ -1805,7 +1805,7 @@ static int chip_command(struct i2c_clien
+ 		break;
+ 	case VIDIOC_S_FREQUENCY:
+ 		chip->mode = 0; /* automatic */
+-		if (desc->checkmode) {
++		if (desc->checkmode && desc->setmode) {
+ 			desc->setmode(chip,V4L2_TUNER_MODE_MONO);
+ 			if (chip->prevmode != V4L2_TUNER_MODE_MONO)
+ 				chip->prevmode = -1; /* reset previous mode */
diff --git a/review-2.6.26/series b/review-2.6.26/series
index d8ef35fd83f..98f1b53245b 100644
--- a/review-2.6.26/series
+++ b/review-2.6.26/series
@@ -24,3 +24,4 @@ hwmon-prevent-power-off-on-shuttle-sn68pt.patch
 acpi-ignore-_bqc-object-when-registering-backlight-device.patch
 drm-i915-fix-ioremap-of-a-user-address-for-non-root.patch
 dvb-au0828-add-support-for-another-usb-id-for-hauppauge-hvr950q.patch
+security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch
diff --git a/review-2.6.27/security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch b/review-2.6.27/security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch
new file mode 100644
index 00000000000..e2247bf3d08
--- /dev/null
+++ b/review-2.6.27/security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch
@@ -0,0 +1,34 @@
+From 5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1 Mon Sep 17 00:00:00 2001
+From: Arjan van de Ven <arjan@linux.intel.com>
+Date: Fri, 10 Oct 2008 21:16:12 -0700
+Subject: security: avoid calling a NULL function pointer in drivers/video/tvaudio.c
+
+From: Arjan van de Ven <arjan@linux.intel.com>
+
+commit 5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1 upstream
+
+NULL function pointers are very bad security wise. This one got caught by
+kerneloops.org quite a few times, so it's happening in the field....
+
+Fix is simple, check the function pointer for NULL, like 6 other places
+in the same function are already doing.
+
+Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/media/video/tvaudio.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/media/video/tvaudio.c
++++ b/drivers/media/video/tvaudio.c
+@@ -1792,7 +1792,7 @@ static int chip_command(struct i2c_clien
+ 		break;
+ 	case VIDIOC_S_FREQUENCY:
+ 		chip->mode = 0; /* automatic */
+-		if (desc->checkmode) {
++		if (desc->checkmode && desc->setmode) {
+ 			desc->setmode(chip,V4L2_TUNER_MODE_MONO);
+ 			if (chip->prevmode != V4L2_TUNER_MODE_MONO)
+ 				chip->prevmode = -1; /* reset previous mode */
diff --git a/review-2.6.27/series b/review-2.6.27/series
index b65aeeb1b07..17313cfd58a 100644
--- a/review-2.6.27/series
+++ b/review-2.6.27/series
@@ -15,3 +15,4 @@ usb-musb_hdrc-build-fixes.patch
 drm-i915-fix-ioremap-of-a-user-address-for-non-root.patch
 dvb-au0828-add-support-for-another-usb-id-for-hauppauge-hvr950q.patch
 dvb-sms1xxx-support-two-new-revisions-of-the-hauppauge-wintv-ministick.patch
+security-avoid-calling-a-null-function-pointer-in-drivers-video-tvaudio.c.patch
-- 
2.47.3