Hi!

> Cc: Aditya Pakki <pakki001@umn.edu>
> Cc: Hans Verkuil <hverkuil-cisco@xs4all.nl>
> Cc: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  drivers/media/common/saa7146/saa7146_fops.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/media/common/saa7146/saa7146_fops.c b/drivers/media/common/saa7146/saa7146_fops.c
> index baf5772c52a9..c256146fd3b6 100644
> --- a/drivers/media/common/saa7146/saa7146_fops.c
> +++ b/drivers/media/common/saa7146/saa7146_fops.c
> @@ -95,6 +95,8 @@ void saa7146_buffer_finish(struct saa7146_dev *dev,
>  	DEB_EE("dev:%p, dmaq:%p, state:%d\n", dev, q, state);
>  	DEB_EE("q->curr:%p\n", q->curr);
>  
> +	BUG_ON(!q->curr);
> +
>  	/* finish current buffer */
>  	if (NULL == q->curr) {
>  		DEB_D("aiii. no current buffer\n");

The code is obviously crazy _after_ the revert, so I'd suggest not
reverting it.

But whether this code has any security problems is quite hard to
decide, it was not written with readability in mind :-(.

								Pavel
-- 
http://www.livejournal.com/~pavelmachek