--- /dev/null
+From stable-bounces@linux.kernel.org Sat May 13 02:21:24 2006
+Date: Sat, 13 May 2006 11:17:37 +0200
+From: Jean Delvare <khali@linux-fr.org>
+To: stable@kernel.org
+Cc:
+Subject: [PATCH] scx200_acb: Fix resource name use after free
+
+We can't pass a string on the stack to request_region. As soon as we
+leave the function that stack is gone and the string is lost. Let's
+use the same string we identify the i2c_adapter with instead, it's
+more simple, more consistent, and just works.
+
+This is the second half of fix to bug #6445.
+
+Signed-off-by: Jean Delvare <khali@linux-fr.org>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+---
+ drivers/i2c/busses/scx200_acb.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- linux-2.6.16.16.orig/drivers/i2c/busses/scx200_acb.c
++++ linux-2.6.16.16/drivers/i2c/busses/scx200_acb.c
+@@ -440,7 +440,6 @@ static int __init scx200_acb_create(int
+ struct scx200_acb_iface *iface;
+ struct i2c_adapter *adapter;
+ int rc = 0;
+- char description[64];
+
+ iface = kzalloc(sizeof(*iface), GFP_KERNEL);
+ if (!iface) {
+@@ -459,8 +458,7 @@ static int __init scx200_acb_create(int
+
+ init_MUTEX(&iface->sem);
+
+- snprintf(description, sizeof(description), "NatSemi SCx200 ACCESS.bus [%s]", adapter->name);
+- if (request_region(base, 8, description) == 0) {
++ if (!request_region(base, 8, adapter->name)) {
+ dev_err(&adapter->dev, "can't allocate io 0x%x-0x%x\n",
+ base, base + 8-1);
+ rc = -EBUSY;
projects / thirdparty / kernel / stable-queue.git / commitdiff
