[PATCH] staging: comedi: addi_apci_1500: fix array access out of bounds error
Greg KH
gregkh at linuxfoundation.org
Sat Feb 7 09:03:06 UTC 2015
On Sat, Feb 07, 2015 at 05:00:06PM +0800, Greg KH wrote:
> On Wed, Jan 28, 2015 at 09:58:56AM -0700, H Hartley Sweeten wrote:
> > The private data 'pm', 'pt', and 'pp' array members hold the trigger mode
> > parameters for ports A and B. Both ports are 8-bits and the arrays are 16-bits.
> > Array index 0 defines the AND mode and index 1 the OR mode parameters for both
> > ports.
> >
> > The valid triggers to start the async command are 0 to 3 which select the
> > AND/OR mode for each port.
> >
> > The 'pb_trig' (the array index for port B) in apci1500_di_inttrig_start() is
> > incorrect and results in an index of 0 or 2. Fix the calc so that the correct
> > index (0/1) is used.
> >
> > Signed-off-by: H Hartley Sweeten <hsweeten at visionengravers.com>
> > Reported-by: Asaf Vertz <asaf.vertz at tandemg.com>
> > Reviewed-by: Ian Abbott <abbotti at mev.co.uk>
> > ---
> > drivers/staging/comedi/drivers/addi_apci_1500.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/staging/comedi/drivers/addi_apci_1500.c b/drivers/staging/comedi/drivers/addi_apci_1500.c
> > index fc7db1d..f15aa1f 100644
> > --- a/drivers/staging/comedi/drivers/addi_apci_1500.c
> > +++ b/drivers/staging/comedi/drivers/addi_apci_1500.c
> > @@ -296,7 +296,7 @@ static int apci1500_di_inttrig_start(struct comedi_device *dev,
> > unsigned int pa_mode = Z8536_PAB_MODE_PMS_DISABLE;
> > unsigned int pb_mode = Z8536_PAB_MODE_PMS_DISABLE;
> > unsigned int pa_trig = trig_num & 0x01;
> > - unsigned int pb_trig = trig_num & 0x02;
> > + unsigned int pb_trig = (trig_num >> 1) & 0x01;
> > bool valid_trig = false;
> > unsigned int val;
> >
>
> Doesn't apply to my tree :(
Which was because I was trying to apply it to the wrong tree, nevermind,
sorry for the noise.
greg k-h
More information about the devel
mailing list