1
linux/drivers/media/video/tm6000
Jesper Juhl c659395935 [media] tm6000: Don't use pointer after freeing it in tm6000_ir_fini()
In tm6000_ir_fini() there seems to be a problem.
rc_unregister_device(ir->rc); calls rc_free_device() on the pointer it is
given, which frees it.

Subsequently the function does:

  if (!ir->polling)
    __tm6000_ir_int_stop(ir->rc);

and __tm6000_ir_int_stop() dereferences the pointer it is given, which
has already been freed.

and it also does:

  tm6000_ir_stop(ir->rc);

which also dereferences the (already freed) pointer.

So, it seems that the call to rc_unregister_device() should be move
below the calls to __tm6000_ir_int_stop() and tm6000_ir_stop(), so
those don't operate on a already freed pointer.

But, I must admit that I don't know this code *at all*, so someone who
knows the code should take a careful look before applying this
patch. It is based purely on inspection of facts of what is beeing
freed where and not at all on understanding what the code does or why.
I don't even have a means to test it, so beyond testing that the
change compiles it has seen no testing what-so-ever.

Anyway, here's a proposed patch.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Reviewed-by: Thierry Reding <thierry.reding@avionic-design.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2012-02-08 10:59:56 -02:00
..
Kconfig [media] tm6000: remove experimental depends 2011-11-28 21:29:32 -02:00
Makefile
tm6000-alsa.c Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2012-01-15 12:49:56 -08:00
tm6000-cards.c Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2012-01-15 12:49:56 -08:00
tm6000-core.c [media] tm6000: improve loading speed on hauppauge 900H 2012-01-04 20:37:54 -02:00
tm6000-dvb.c [media] tm6000: dvb doesn't work on usb1.1 2012-01-04 20:45:34 -02:00
tm6000-i2c.c [media] tm6000: improve loading speed on hauppauge 900H 2012-01-04 20:37:54 -02:00
tm6000-input.c [media] tm6000: Don't use pointer after freeing it in tm6000_ir_fini() 2012-02-08 10:59:56 -02:00
tm6000-regs.h [media] tm6000: Fix IR register names 2011-11-30 14:43:06 -02:00
tm6000-stds.c
tm6000-usb-isoc.h
tm6000-video.c [media] tm6000: Fix check for interrupt endpoint 2011-12-11 10:47:37 -02:00
tm6000.h [media] tm6000: automatically load alsa and dvb modules 2011-11-30 16:49:37 -02:00