4.14-stable patches

[thirdparty/kernel/stable-queue.git] / releases / 2.6.32.3 / usb-emi62-fix-crash-when-trying-to-load-emi-6-2-firmware.patch

From ac06c06770bb8761b1f1f9bdf2f5420fa6d3e9fa Mon Sep 17 00:00:00 2001
From: Clemens Ladisch <clemens@ladisch.de>
Date: Mon, 21 Dec 2009 15:36:44 -0800
Subject: USB: emi62: fix crash when trying to load EMI 6|2 firmware

From: Clemens Ladisch <clemens@ladisch.de>

commit ac06c06770bb8761b1f1f9bdf2f5420fa6d3e9fa upstream.

While converting emi62 to use request_firmware(), the driver was also
changed to use the ihex helper functions.  However, this broke the loading
of the FPGA firmware because the code tries to access the addr field of
the EOF record which works with a plain array that has an empty last
record but not with the ihex helper functions where the end of the data is
signaled with a NULL record pointer, resulting in:

BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<f80d248c>] emi62_load_firmware+0x33c/0x740 [emi62]

This can be fixed by changing the loop condition to test the return value
of ihex_next_binrec() directly (like in emi26.c).

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Reported-and-tested-by: Der Mickster <retroeffective@gmail.com>
Acked-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 drivers/usb/misc/emi62.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/usb/misc/emi62.c
+++ b/drivers/usb/misc/emi62.c
@@ -167,7 +167,7 @@ static int emi62_load_firmware (struct u
                        err("%s - error loading firmware: error = %d", __func__, err);
                        goto wraperr;
                }
-       } while (i > 0);
+       } while (rec);
 
        /* Assert reset (stop the CPU in the EMI) */
        err = emi62_set_reset(dev,1);