* [PATCH] emi62: fix crash when trying to load EMI 6|2 firmware
@ 2009-11-20 7:53 Clemens Ladisch
0 siblings, 0 replies; only message in thread
From: Clemens Ladisch @ 2009-11-20 7:53 UTC (permalink / raw)
To: Greg Kroah-Hartman; +Cc: Der Mickster, David Woodhouse, linux-kernel
While converting emi62 to use request_firmware(), the driver was
also changed to use the ihex helper functions. However, this broke
the loading of the FPGA firmware because the code tries to access
the addr field of the EOF record which works with a plain array that
has an empty last record but not with the ihex helper functions
where the end of the data is signaled with a NULL record pointer,
resulting in:
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<f80d248c>] emi62_load_firmware+0x33c/0x740 [emi62]
This can be fixed by changing the loop condition to test the return
value of ihex_next_binrec() directly (like in emi26.c).
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Reported-and-tested-by: Der Mickster <retroeffective@gmail.com>
Acked-By: David Woodhouse <David.Woodhouse@intel.com>
Cc: <stable@kernel.org>
--- sad-penguin/drivers/usb/misc/emi62.c
+++ happy-penguin/drivers/usb/misc/emi62.c
@@ -167,7 +167,7 @@ static int emi62_load_firmware (struct u
err("%s - error loading firmware: error = %d", __func__, err);
goto wraperr;
}
- } while (i > 0);
+ } while (rec);
/* Assert reset (stop the CPU in the EMI) */
err = emi62_set_reset(dev,1);
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2009-11-20 7:53 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-11-20 7:53 [PATCH] emi62: fix crash when trying to load EMI 6|2 firmware Clemens Ladisch
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox