A few lines above the patch we have:
char *srec;
srec = kmalloc(SCIOC_SRECSIZE, GFP_KERNEL);
sizeof pointer is probably not meant here.
Signed-off-by: Domen Puncer <domen@coderock.org>
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Karsten Keil <kkeil@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
/*
* Get the SRec from user space
*/
/*
* Get the SRec from user space
*/
- if (copy_from_user(srec, data->dataptr, sizeof(srec))) {
+ if (copy_from_user(srec, data->dataptr, SCIOC_SRECSIZE)) {
kfree(rcvmsg);
kfree(srec);
return -EFAULT;
}
status = send_and_receive(card, CMPID, cmReqType2, cmReqClass0, cmReqLoadProc,
kfree(rcvmsg);
kfree(srec);
return -EFAULT;
}
status = send_and_receive(card, CMPID, cmReqType2, cmReqClass0, cmReqLoadProc,
- 0, sizeof(srec), srec, rcvmsg, SAR_TIMEOUT);
+ 0, SCIOC_SRECSIZE, srec, rcvmsg, SAR_TIMEOUT);
kfree(rcvmsg);
kfree(srec);
kfree(rcvmsg);
kfree(srec);