V4L/DVB (6305): V4L: videobuf-core.c avoid NULL dereferences in videobuf-core

			mutex_unlock(&q->lock);

			return err;

		}

		gbuffers = err;

		memset(mbuf,0,sizeof(*mbuf));

		mbuf->frames = gbuffers;

		mbuf->size   = gbuffers * gbufsize;

					     V4L2_MEMORY_MMAP);

		if (retval < 0)

			goto fh_unlock_and_return;

		gbuffers = retval;

		memset(mbuf,0,sizeof(*mbuf));

		mbuf->frames = gbuffers;

		mbuf->size   = gbuffers * gbufsize;

		goto done;

	}

	req->count = count;

	req->count = retval;

 done:

	mutex_unlock(&q->lock);

{

	enum v4l2_field field;

	unsigned long flags=0;

	int count = 0, size = 0;

	unsigned int count = 0, size = 0;

	int err, i;

	q->ops->buf_setup(q,&count,&size);

	size = PAGE_ALIGN(size);

	err = videobuf_mmap_setup(q, count, size, V4L2_MEMORY_USERPTR);

	if (err)

	if (err < 0)

		return err;

	count = err;

	for (i = 0; i < count; i++) {

		field = videobuf_next_field(q);

		err = q->ops->buf_prepare(q,q->bufs[i],field);

	for (i = 0; i < bcount; i++) {

		q->bufs[i] = videobuf_alloc(q);

		if (q->bufs[i] == NULL)

			break;

		q->bufs[i]->i      = i;

		q->bufs[i]->input  = UNSET;

		q->bufs[i]->memory = memory;

		}

	}

	if (!i)

		return -ENOMEM;

	dprintk(1,"mmap setup: %d buffers, %d bytes each\n",

		bcount,bsize);

		i, bsize);

	return 0;

	return i;

}

int videobuf_mmap_free(struct videobuf_queue *q)