On Monday, September 24, 2012 9:21 AM, Ian Abbott wrote: > > `s626_enc_insn_config()` is incorrectly dereferencing `insn->data` which > is a pointer to user memory. It should be dereferencing the separate > `data` parameter that points to a copy of the data in kernel memory. > > Cc: sta...@vger.kernel.org > Signed-off-by: Ian Abbott <abbo...@mev.co.uk> > --- > drivers/staging/comedi/drivers/s626.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/staging/comedi/drivers/s626.c > b/drivers/staging/comedi/drivers/s626.c > index f90578e..2b03b68 100644 > --- a/drivers/staging/comedi/drivers/s626.c > +++ b/drivers/staging/comedi/drivers/s626.c > @@ -1868,7 +1868,7 @@ static int s626_enc_insn_config(struct comedi_device > *dev, > /* (data==NULL) ? (Preloadvalue=0) : (Preloadvalue=data[0]); */ > > k->SetMode(dev, k, Setup, TRUE); > - Preload(dev, k, *(insn->data)); > + Preload(dev, k, data[0]); > k->PulseIndex(dev, k); > SetLatchSource(dev, k, valueSrclatch); > k->SetEnable(dev, k, (uint16_t) (enab != 0));
Hmm.. Thought I fixed this last week.. Oh well.. Reviewed-by: H Hartley Sweeten <hswee...@visionengravers.com> _______________________________________________ devel mailing list devel@linuxdriverproject.org http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
