aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/staging
diff options
context:
space:
mode:
authorIan Abbott <abbotti@mev.co.uk>2012-09-18 19:46:58 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2012-10-07 08:27:24 -0700
commit03acba6021da7f7bde0c0886379873791c6e24bf (patch)
treed0e1e7cbdc5ee0c912d876a00d413b6227a11404 /drivers/staging
parente451b6d10c4afa8244c02b731536bcad8800e6f7 (diff)
downloadkernel_samsung_tuna-03acba6021da7f7bde0c0886379873791c6e24bf.zip
kernel_samsung_tuna-03acba6021da7f7bde0c0886379873791c6e24bf.tar.gz
kernel_samsung_tuna-03acba6021da7f7bde0c0886379873791c6e24bf.tar.bz2
staging: comedi: don't dereference user memory for INSN_INTTRIG
commit 5d06e3df280bd230e2eadc16372e62818c63e894 upstream. `parse_insn()` is dereferencing the user-space pointer `insn->data` directly when handling the `INSN_INTTRIG` comedi instruction. It shouldn't be using `insn->data` at all; it should be using the separate `data` pointer passed to the function. Fix it. Signed-off-by: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/staging')
-rw-r--r--drivers/staging/comedi/comedi_fops.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/staging/comedi/comedi_fops.c b/drivers/staging/comedi/comedi_fops.c
index ea8d109..10fe503 100644
--- a/drivers/staging/comedi/comedi_fops.c
+++ b/drivers/staging/comedi/comedi_fops.c
@@ -843,7 +843,7 @@ static int parse_insn(struct comedi_device *dev, struct comedi_insn *insn,
ret = -EAGAIN;
break;
}
- ret = s->async->inttrig(dev, s, insn->data[0]);
+ ret = s->async->inttrig(dev, s, data[0]);
if (ret >= 0)
ret = 1;
break;