[PATCH 02/02] staging: dgap: Fix BUG in processing config file
Mark Hounschell
markh at compro.net
Wed Apr 23 14:33:45 UTC 2014
This patch fixes an OOPS caused by a pointer being
changed between the malloc and free.
Signed-off-by: Mark Hounschell <markh at compro.net>
Tested-by: Mark Hounschell <markh at compro.net>
Reported-by: Mark Hounschell <markh at compro.net>
Cc: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
---
drivers/staging/dgap/dgap.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/dgap/dgap.c b/drivers/staging/dgap/dgap.c
index e0b8d0f..55a23b0 100644
--- a/drivers/staging/dgap/dgap.c
+++ b/drivers/staging/dgap/dgap.c
@@ -820,6 +820,7 @@ static int dgap_firmware_load(struct pci_dev *pdev, int card_type)
{
struct board_t *brd = dgap_Board[dgap_NumBoards - 1];
const struct firmware *fw;
+ char *tmp_ptr;
int ret;
dgap_get_vpd(brd);
@@ -843,7 +844,14 @@ static int dgap_firmware_load(struct pci_dev *pdev, int card_type)
memcpy(dgap_config_buf, fw->data, fw->size);
release_firmware(fw);
- if (dgap_parsefile(&dgap_config_buf, TRUE) != 0) {
+ /*
+ * preserve dgap_config_buf
+ * as dgap_parsefile would
+ * otherwise alter it.
+ */
+ tmp_ptr = dgap_config_buf;
+
+ if (dgap_parsefile(&tmp_ptr, TRUE) != 0) {
kfree(dgap_config_buf);
return -EINVAL;
}
--
1.8.4.5
More information about the devel
mailing list