Patch "media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt" has been added to the 4.4-stable tree - Linux-stable-mirror

22 Mar 2018

This is a note to let you know that I've just added the patch titled
media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt
to the 4.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
The filename of the patch is:
     media-c8sectpfe-fix-potential-null-pointer-dereference-in-c8sectpfe_timer_interrupt.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let stable@vger.kernel.org know about it.
...
From foo@baz Thu Mar 22 14:57:32 CET 2018
From: "Gustavo A. R. Silva" garsilva@embeddedor.com
Date: Mon, 20 Nov 2017 09:00:55 -0500
Subject: media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt
From: "Gustavo A. R. Silva" garsilva@embeddedor.com
[ Upstream commit baed3c4bc4c13de93e0dba0a26d601411ebcb389 ]
_channel_ is being dereferenced before it is null checked, hence there is a
potential null pointer dereference. Fix this by moving the pointer dereference
after _channel_ has been null checked.
This issue was detected with the help of Coccinelle.
Fixes: c5f5d0f99794 ("[media] c8sectpfe: STiH407/10 Linux DVB demux support")
Signed-off-by: Gustavo A. R. Silva garsilva@embeddedor.com
Acked-by: Patrice Chotard patrice.chotard@st.com
Signed-off-by: Mauro Carvalho Chehab mchehab@s-opensource.com
Signed-off-by: Sasha Levin alexander.levin@microsoft.com
Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
---
 drivers/media/platform/sti/c8sectpfe/c8sectpfe-core.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/media/platform/sti/c8sectpfe/c8sectpfe-core.c
+++ b/drivers/media/platform/sti/c8sectpfe/c8sectpfe-core.c
@@ -83,7 +83,7 @@ static void c8sectpfe_timer_interrupt(un
 static void channel_swdemux_tsklet(unsigned long data)
 {
    struct channel_info *channel = (struct channel_info *)data;
-	struct c8sectpfei *fei = channel->fei;
+	struct c8sectpfei *fei;
    unsigned long wp, rp;
    int pos, num_packets, n, size;
    u8 *buf;
@@ -91,6 +91,8 @@ static void channel_swdemux_tsklet(unsig
    if (unlikely(!channel || !channel->irec))
    	return;
+	fei = channel->fei;
+
    wp = readl(channel->irec + DMA_PRDS_BUSWP_TP(0));
    rp = readl(channel->irec + DMA_PRDS_BUSRP_TP(0));
Patches currently in stable-queue which might be from garsilva@embeddedor.com are
queue-4.4/media-c8sectpfe-fix-potential-null-pointer-dereference-in-c8sectpfe_timer_interrupt.patch

    