On Monday, September 24, 2012 9:21 AM, Ian Abbott wrote: > > `s626_enc_insn_config()` is incorrectly dereferencing `insn->data` which > is a pointer to user memory. It should be dereferencing the separate > `data` parameter that points to a copy of the data in kernel memory. > > Cc: stable@xxxxxxxxxxxxxxx > Signed-off-by: Ian Abbott <abbotti@xxxxxxxxx> > --- > drivers/staging/comedi/drivers/s626.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/staging/comedi/drivers/s626.c b/drivers/staging/comedi/drivers/s626.c > index f90578e..2b03b68 100644 > --- a/drivers/staging/comedi/drivers/s626.c > +++ b/drivers/staging/comedi/drivers/s626.c > @@ -1868,7 +1868,7 @@ static int s626_enc_insn_config(struct comedi_device *dev, > /* (data==NULL) ? (Preloadvalue=0) : (Preloadvalue=data[0]); */ > > k->SetMode(dev, k, Setup, TRUE); > - Preload(dev, k, *(insn->data)); > + Preload(dev, k, data[0]); > k->PulseIndex(dev, k); > SetLatchSource(dev, k, valueSrclatch); > k->SetEnable(dev, k, (uint16_t) (enab != 0)); Hmm.. Thought I fixed this last week.. Oh well.. Reviewed-by: H Hartley Sweeten <hsweeten@xxxxxxxxxxxxxxxxxxx>
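Review bot: the new `Preload(dev, k, data[0]);` reads `data[0]` unconditionally, and nothing visible in this hunk shows that the instruction carries at least one data word before that read. The commented-out line just above, `/* (data==NULL) ? (Preloadvalue=0) : (Preloadvalue=data[0]); */`, suggests an empty or NULL `data` was once considered for this path. Please confirm that a length check covers this call site before `data[0]` is used, or add one in `s626_enc_insn_config()`, and either delete the stale comment or update it to say why `data` is always valid here. Switching from `*(insn->data)` to the kernel copy is the right direction; it would also be worth checking the rest of this function for any other use of `insn->data`, since the hunk only shows this one.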