media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs

commit 273caa260035c03d89ad63d72d8cd3d9e5c5e3f1 upstream.

If the device is of type VFL_TYPE_SUBDEV then vdev->ioctl_ops
is NULL so the 'if (!ops->vidioc_query_ext_ctrl)' check would crash.
Add a test for !ops to the condition.

All sub-devices that have controls will use the control framework,
so they do not have an equivalent to ops->vidioc_query_ext_ctrl.
Returning false if ops is NULL is the correct thing to do here.

Fixes: b8c601e8af ("v4l2-compat-ioctl32.c: fix ctrl_is_pointer")
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Reported-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y to apply CVE patch]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Ic0d6aa250477471606b525b3b1d9a487e357475c

diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
index b665776481226243180b55832f950a793208d769..bd83ec42ef39bdf6394892c843ed705848988d22 100644 (file)
--- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
+++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
@@ -604,7 +604,7 @@ static inline bool ctrl_is_pointer(struct file *file, u32 id)
                return ctrl && ctrl->is_ptr;
        }
 
-       if (!ops->vidioc_query_ext_ctrl)
+       if (!ops || !ops->vidioc_query_ext_ctrl)
                return false;
 
        return !ops->vidioc_query_ext_ctrl(file, fh, &qec) &&