V4L/DVB: gspca - main: Fix a crash in gspca_frame_add()

Some webcams as ov511 may find many times an end of image.
In this case, with the last patch in image concatenation
(commit 799b1bd41f398054d46fd35f73abd01c4009f6ca),
the image pointer was NULL and the system crashed in memcpy().

Signed-off-by: Jean-François Moine <moinejf@free.fr>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>

drivers/media/video/gspca/gspca.c

@@ -440,10 +440,15 @@ void gspca_frame_add(struct gspca_dev *gspca_dev,
 		frame->v4l2_buf.sequence = ++gspca_dev->sequence;
 		gspca_dev->image = frame->data;
 		gspca_dev->image_len = 0;
-	} else if (gspca_dev->last_packet_type == DISCARD_PACKET) {
-		if (packet_type == LAST_PACKET)
-			gspca_dev->last_packet_type = packet_type;
-		return;
+	} else {
+		switch (gspca_dev->last_packet_type) {
+		case DISCARD_PACKET:
+			if (packet_type == LAST_PACKET)
+				gspca_dev->last_packet_type = packet_type;
+			return;
+		case LAST_PACKET:
+			return;
+		}
 	}
 
 	/* append the packet to the frame buffer */
@@ -454,6 +459,12 @@ void gspca_frame_add(struct gspca_dev *gspca_dev,
 				gspca_dev->frsz);
 			packet_type = DISCARD_PACKET;
 		} else {
+/* !! image is NULL only when last pkt is LAST or DISCARD
+			if (gspca_dev->image == NULL) {
+				err("gspca_frame_add() image == NULL");
+				return;
+			}
+ */
 			memcpy(gspca_dev->image + gspca_dev->image_len,
 				data, len);
 			gspca_dev->image_len += len;