[PATCH] [media] saa7146: check return value of saa7146_format_by_fourcc() to avoid NULL pointer

[Ethan Zhao]

Function saa7146_format_by_fourcc() may return NULL, reference of the returned
result would cause NULL pointer issue without checking.

Signed-off-by: Ethan Zhao <ethan.kernel@xxxxxxxxx>
---
 drivers/media/common/saa7146/saa7146_hlp.c | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/drivers/media/common/saa7146/saa7146_hlp.c b/drivers/media/common/saa7146/saa7146_hlp.c
index be746d1..1c9518b 100644
--- a/drivers/media/common/saa7146/saa7146_hlp.c
+++ b/drivers/media/common/saa7146/saa7146_hlp.c
@@ -575,6 +575,7 @@ static void saa7146_set_position(struct saa7146_dev *dev, int w_x, int w_y, int
 	 */
 	u32 base = (u32)(unsigned long)vv->ov_fb.base;
 
+	int which = 1;
 	struct	saa7146_video_dma vdma1;
 
 	/* calculate memory offsets for picture, look if we shall top-down-flip */
@@ -608,10 +609,14 @@ static void saa7146_set_position(struct saa7146_dev *dev, int w_x, int w_y, int
 		vdma1.pitch *= -1;
 	}
 
-	vdma1.base_page = sfmt->swap;
+	if (sfmt)
+		vdma1.base_page = sfmt->swap;
+	else
+		which = 0;
+
 	vdma1.num_line_byte = (vv->standard->v_field<<16)+vv->standard->h_pixels;
 
-	saa7146_write_out_dma(dev, 1, &vdma1);
+	saa7146_write_out_dma(dev, which, &vdma1);
 }
 
 static void saa7146_set_output_format(struct saa7146_dev *dev, unsigned long palette)
@@ -713,7 +718,12 @@ static int calculate_video_dma_grab_packed(struct saa7146_dev* dev, struct saa71
 	int bytesperline = buf->fmt->bytesperline;
 	enum v4l2_field field = buf->fmt->field;
 
-	int depth = sfmt->depth;
+	int depth;
+
+	if (sfmt)
+		depth = sfmt->depth;
+	else
+		return -EINVAL;
 
 	DEB_CAP("[size=%dx%d,fields=%s]\n",
 		width, height, v4l2_field_names[field]);
@@ -837,6 +847,9 @@ static int calculate_video_dma_grab_planar(struct saa7146_dev* dev, struct saa71
 	int height = buf->fmt->height;
 	enum v4l2_field field = buf->fmt->field;
 
+	if (!sfmt)
+		return -EINVAL;
+
 	BUG_ON(0 == buf->pt[0].dma);
 	BUG_ON(0 == buf->pt[1].dma);
 	BUG_ON(0 == buf->pt[2].dma);
@@ -1004,6 +1017,9 @@ void saa7146_set_capture(struct saa7146_dev *dev, struct saa7146_buf *buf, struc
 
 	DEB_CAP("buf:%p, next:%p\n", buf, next);
 
+	if (!sfmt)
+		return;
+
 	vdma1_prot_addr = saa7146_read(dev, PROT_ADDR1);
 	if( 0 == vdma1_prot_addr ) {
 		/* clear out beginning of streaming bit (rps register 0)*/
-- 
1.8.3.4 (Apple Git-47)

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/