Ensure all fields of the struct fb_deferred_io are zeroed out on init,
otherwise the fbdefio->first_io function pointer can contain garbage,
and fb_deferred_io_mkwrite() will end up jumping to this garbage address.
Signed-off-by: Nickolai Zeldovich
---
drivers/gpu/drm/udl/udl_fb.c |2 +-
Ensure all fields of the struct fb_deferred_io are zeroed out on init,
otherwise the fbdefio-first_io function pointer can contain garbage,
and fb_deferred_io_mkwrite() will end up jumping to this garbage address.
Signed-off-by: Nickolai Zeldovich nicko...@csail.mit.edu
---
drivers/gpu/drm/udl
e-by-zero exception. Some compilers will also assume that the
earlier division means the value cannot be zero later, and thus will
eliminate the subsequent zero check as dead code.
This patch moves the division to after the check.
Signed-off-by: Nickolai Zeldovich
---
net/xfrm/xfrm_replay.c |4 +++
The code to print the FIFO size in tc574_config computes it as:
8 << config & Ram_size
which evaluates the '<<' first, but the actual intent is to evaluate the
'&' first. Add parentheses to enforce desired evaluation order.
Signed-off-by: Nickolai Zeldovich
---
drive
The code to print the FIFO size in tc574_config computes it as:
8 config Ram_size
which evaluates the '' first, but the actual intent is to evaluate the
'' first. Add parentheses to enforce desired evaluation order.
Signed-off-by: Nickolai Zeldovich nicko...@csail.mit.edu
---
drivers/net
. Some compilers will also assume that the
earlier division means the value cannot be zero later, and thus will
eliminate the subsequent zero check as dead code.
This patch moves the division to after the check.
Signed-off-by: Nickolai Zeldovich nicko...@csail.mit.edu
---
net/xfrm/xfrm_replay.c
On Wed, Jan 16, 2013 at 10:51 PM, Steve French wrote:
> How did you discover this - did you have an ipv6 test case or by
> inspection or ...?
By mostly-automated inspection (i.e., with the help of a static
program analysis tool).
Nickolai.
--
To unsubscribe from this list: send the line
pv6 address. The correct thing to do is to use 'rhs', not ''.
Signed-off-by: Nickolai Zeldovich
---
fs/cifs/connect.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 17c3643..12b3da3 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connec
In ntfs_mft_data_extend_allocation_nolock(), if an error condition occurs
prior to 'ctx' being set to a non-NULL value, avoid dereferencing the NULL
'ctx' pointer by jumping to later cleanup code.
Signed-off-by: Nickolai Zeldovich
---
fs/ntfs/mft.c |8
1 file changed, 4 insertions
In ntfs_mft_data_extend_allocation_nolock(), if an error condition occurs
prior to 'ctx' being set to a non-NULL value, avoid dereferencing the NULL
'ctx' pointer by jumping to later cleanup code.
Signed-off-by: Nickolai Zeldovich nicko...@csail.mit.edu
---
fs/ntfs/mft.c |8
1 file
as an
ipv6 address. The correct thing to do is to use 'rhs', not 'rhs'.
Signed-off-by: Nickolai Zeldovich nicko...@csail.mit.edu
---
fs/cifs/connect.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 17c3643..12b3da3 100644
--- a/fs/cifs
On Wed, Jan 16, 2013 at 10:51 PM, Steve French smfre...@gmail.com wrote:
How did you discover this - did you have an ipv6 test case or by
inspection or ...?
By mostly-automated inspection (i.e., with the help of a static
program analysis tool).
Nickolai.
--
To unsubscribe from this list: send
Fix incorrect bit test that originally showed up in
4ee823b83bc9851743fab756c76b27d6a1e2472b: use '&' instead of '&&'.
Signed-off-by: Nickolai Zeldovich
---
drivers/usb/host/xhci-ring.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/host/xhci-ring
If kzalloc returns NULL, do not dereference the said NULL pointer as the
first argument to dev_err(); use >dev instead. Similarly, before
sisusb->sisusb_dev has been initialized to dev, use dev_err(>dev)
instead.
Signed-off-by: Nickolai Zeldovich
---
drivers/usb/misc/sisusbvga/sisusb
Change several memcpy() to memmove() in cases when the regions are
definitely overlapping; memcpy() of overlapping regions is undefined
behavior in C and can produce different results depending on the compiler,
the memcpy implementation, etc.
Signed-off-by: Nickolai Zeldovich
---
drivers/media
Change several memcpy() to memmove() in cases when the regions are
definitely overlapping; memcpy() of overlapping regions is undefined
behavior in C and can produce different results depending on the compiler,
the memcpy implementation, etc.
Signed-off-by: Nickolai Zeldovich nicko
If kzalloc returns NULL, do not dereference the said NULL pointer as the
first argument to dev_err(); use dev-dev instead. Similarly, before
sisusb-sisusb_dev has been initialized to dev, use dev_err(dev-dev)
instead.
Signed-off-by: Nickolai Zeldovich nicko...@csail.mit.edu
---
drivers/usb/misc
Fix incorrect bit test that originally showed up in
4ee823b83bc9851743fab756c76b27d6a1e2472b: use '' instead of ''.
Signed-off-by: Nickolai Zeldovich nicko...@csail.mit.edu
---
drivers/usb/host/xhci-ring.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/host
On Sun, Jan 6, 2013 at 9:48 PM, Lennert Buytenhek
wrote:
> Good catch, but the patch would be better titled "mwl8k.c: avoid
> having a working driver", as the station_id return code _is_ needed
> by the caller in case of success.
I'm not quite sure what you mean -- is there something subtle
the index before the check.
Signed-off-by: Nickolai Zeldovich
---
Thanks to Andy Walls for suggesting that instead of moving the checks
before array dereference, a better fix is to remove the checks altogether,
since they are superfluous.
drivers/media/pci/cx18/cx18-i2c.c |3 ---
drivers
Do not dereference p->station_id after kfree(cmd) because p
points into the cmd data structure.
Signed-off-by: Nickolai Zeldovich
---
drivers/net/wireless/mwl8k.c |4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/mwl8k.c b/drivers/net/wirel
Do not dereference p-station_id after kfree(cmd) because p
points into the cmd data structure.
Signed-off-by: Nickolai Zeldovich nicko...@csail.mit.edu
---
drivers/net/wireless/mwl8k.c |4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/mwl8k.c b
the index before the check.
Signed-off-by: Nickolai Zeldovich nicko...@csail.mit.edu
---
Thanks to Andy Walls for suggesting that instead of moving the checks
before array dereference, a better fix is to remove the checks altogether,
since they are superfluous.
drivers/media/pci/cx18/cx18-i2c.c
On Sun, Jan 6, 2013 at 9:48 PM, Lennert Buytenhek
buyt...@wantstofly.org wrote:
Good catch, but the patch would be better titled mwl8k.c: avoid
having a working driver, as the station_id return code _is_ needed
by the caller in case of success.
I'm not quite sure what you mean -- is there
24 matches
Mail list logo