Forum | Documentation | Website | Blog

Skip to content
Snippets Groups Projects
Commit 61a6c8ed authored by Clemens Ladisch's avatar Clemens Ladisch Committed by Greg Kroah-Hartman
Browse files

USB: emi62: fix crash when trying to load EMI 6|2 firmware

commit ac06c067

 upstream.

While converting emi62 to use request_firmware(), the driver was also
changed to use the ihex helper functions.  However, this broke the loading
of the FPGA firmware because the code tries to access the addr field of
the EOF record which works with a plain array that has an empty last
record but not with the ihex helper functions where the end of the data is
signaled with a NULL record pointer, resulting in:

BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<f80d248c>] emi62_load_firmware+0x33c/0x740 [emi62]

This can be fixed by changing the loop condition to test the return value
of ihex_next_binrec() directly (like in emi26.c).

Signed-off-by: default avatarClemens Ladisch <clemens@ladisch.de>
Reported-and-tested-by: default avatarDer Mickster <retroeffective@gmail.com>
Acked-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: ...
parent 184369b0
No related merge requests found
......@@ -167,7 +167,7 @@ static int emi62_load_firmware (struct usb_device *dev)
err("%s - error loading firmware: error = %d", __func__, err);
goto wraperr;
}
} while (i > 0);
} while (rec);
/* Assert reset (stop the CPU in the EMI) */
err = emi62_set_reset(dev,1);
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment