[cpia] CPIA USB driver memory corruption
Arjan van de Ven
arjan@fenrus.demon.nl
Tue, 6 Jun 2000 18:18:21 +0200 (CEST)
Hi,
The following patch fixes illegal memory accesses caused by the cpia driver
in 2.4.0-test1-ac7. The cause was that a kfree'd pointer wasn't set to
NULL so it was accessed as if it wasn't kfree'd.
Greetings,
Arjan van de Ven
--- cpia_usb.c~ Fri Mar 31 04:00:01 2000
+++ cpia_usb.c Fri Jun 2 19:08:53 2000
@@ -260,8 +260,10 @@
error_all:
kfree (ucpia->sbuf[1].data);
+ ucpia->sbuf[1].data = NULL;
error_0:
kfree (ucpia->sbuf[0].data);
+ ucpia->sbuf[0].data = NULL;
return retval;
}
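Review bot: In the error_all/error_0 unwind, clearing sbuf[1].data and sbuf[0].data only helps if every later user of those pointers tests for NULL before dereferencing, and the patch neither shows nor names that user. A short comment here stating which path revisits sbuf[n].data after this error return would make the invariant explicit; it is also worth noting that kfree(NULL) is a no-op, so a second free of a cleared pointer is harmless. The kfree-then-clear pair is written out twice, so a small helper taking the sbuf index would keep the two copies from drifting apart.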
@@ -436,8 +438,9 @@
cpia_usb_free_resources(ucpia, 1);
- if (!ucpia->present)
+ if (!ucpia->present)
kfree(ucpia);
+
return 0;
}
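Review bot: After `kfree(ucpia);` under `if (!ucpia->present)`, nothing clears a pointer that may still refer to the freed structure, while the third hunk adds `cam->lowlevel_data = NULL;` after the same kind of free. If a reference to ucpia can still be held when this path runs, it needs the same treatment here; if it cannot, please say so in the changelog. As posted, the removed and added `if (!ucpia->present)` lines read identically, so this hunk looks like a whitespace-only change plus a new blank line, which would be better sent separately from the fix.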
@@ -590,8 +593,10 @@
ucpia->buffers[0] = NULL;
}
- if (!ucpia->open)
+ if (!ucpia->open) {
kfree(ucpia);
+ cam->lowlevel_data = NULL;
+ }
}
int usb_cpia_init(void)
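Review bot: Inside the new `if (!ucpia->open) { ... }` block, `cam->lowlevel_data = NULL;` comes after `kfree(ucpia);`, so for a short window lowlevel_data still points at freed memory. Clearing the pointer first and freeing second closes that window for any reader that checks lowlevel_data for NULL, and costs nothing. The hunk also does not show whether a lock covers this sequence or whether cam can be NULL at this point; if either is a concern, it should be handled or stated in a comment. When ucpia->open is set, the structure is kept and lowlevel_data stays valid, which is consistent, but the path that later frees ucpia in that case should clear lowlevel_data as well.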