From d7235394c59ddcc6da35e9280c75dec57516cb2a Mon Sep 17 00:00:00 2001 From: Brian Rogers Date: Thu, 16 Sep 2010 01:49:13 -0700 Subject: [PATCH] ir-core: Fix null dereferences in the protocols sysfs interface For some cards, ir_dev->props and ir_dev->raw are both NULL. These cards are using built-in IR decoding instead of raw, and can't easily be made to switch protocols. So upon reading /sys/class/rc/rc?/protocols on such a card, return 'builtin' as the supported and enabled protocol. Return -EINVAL on any attempts to change the protocol. And most important of all, don't crash. A patch for this has been sent upstream. This version has been backported for Maverick's kernel. Signed-off-by: Brian Rogers --- drivers/media/IR/ir-sysfs.c | 12 ++++++++---- 1 files changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/media/IR/ir-sysfs.c b/drivers/media/IR/ir-sysfs.c index 21134e0..67dd919 100644 --- a/drivers/media/IR/ir-sysfs.c +++ b/drivers/media/IR/ir-sysfs.c @@ -51,13 +51,14 @@ static ssize_t show_protocols(struct device *d, u64 allowed, enabled; char *tmp = buf; - if (ir_dev->props->driver_type == RC_DRIVER_SCANCODE) { + if (ir_dev->props && ir_dev->props->driver_type == RC_DRIVER_SCANCODE) { enabled = ir_dev->rc_tab.ir_type; allowed = ir_dev->props->allowed_protos; - } else { + } else if (ir_dev->raw) { enabled = ir_dev->raw->enabled_protocols; allowed = ir_raw_get_allowed_protocols(); - } + } else + return sprintf(tmp, "[builtin]\n"); IR_dprintk(1, "allowed - 0x%llx, enabled - 0x%llx\n", (long long)allowed, @@ -137,6 +138,9 @@ static ssize_t store_protocols(struct device *d, int rc; unsigned long flags; + if (!ir_dev->props && !ir_dev->raw) + return -EINVAL; + tmp = skip_spaces(data); if (*tmp == '+') { @@ -209,7 +213,7 @@ static ssize_t store_protocols(struct device *d, } } - if (ir_dev->props->driver_type == RC_DRIVER_SCANCODE) { + if (ir_dev->props && ir_dev->props->driver_type == RC_DRIVER_SCANCODE) { spin_lock_irqsave(&ir_dev->rc_tab.lock, flags); ir_dev->rc_tab.ir_type = type; spin_unlock_irqrestore(&ir_dev->rc_tab.lock, flags); -- 1.7.1