Der Mickster wrote:
> I could introduce the changes in emi62.c if I understood the exact
> nature of said changes;
Replace line 170:
} while (i > 0);
with:
} while (rec);
Would you be OK with your email in the patch below?
==========
emi62: fix crash when loading EMI 6|2 firmware
While converting emi62 to use request_firmware(), the driver was
also changed to use the ihex helper functions. However, this broke
the loading of the FPGA firmware because the code tries to access
the addr field of the EOF record which works with a plain array that
has an empty last record but not with the ihex helper functions
where the end of the data is signaled with a NULL record pointer,
resulting in:
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<f80d248c>] emi62_load_firmware+0x33c/0x740 [emi62]
This can be fixed by changing the loop condition to test the return
value of ihex_next_binrec() directly (like in emi26.c).
Signed-off-by: Clemens Ladisch <clemens@xxxxxxxxxx>
Reported-and-tested-by: Der Mickster <retroeffective@xxxxxxxxx>
Cc: <stable@xxxxxxxxxx>
--- sad-penguin/drivers/usb/misc/emi62.c
+++ happy-penguin/drivers/usb/misc/emi62.c
@@ -167,7 +167,7 @@ static int emi62_load_firmware (struct u
err("%s - error loading firmware: error = %d", __func__, err);
goto wraperr;
}
- } while (i > 0);
+ } while (rec);
/* Assert reset (stop the CPU in the EMI) */
err = emi62_set_reset(dev,1);
_______________________________________________
Linux-audio-user mailing list
Linux-audio-user@xxxxxxxxxxxxxxxxxxxx
http://lists.linuxaudio.org/mailman/listinfo/linux-audio-user
