On Fri, Jun 11, 2004 at 10:59:14PM +0300, Pekka Pietikainen wrote:
> + colors = kmalloc(len,GFP_KERNEL);
...
> + if (copy_from_user(colors,dc->data,len))
> + return -EFAULT;
...
> + kfree(colors);
I suck :-) Index: av7110_hw.c =================================================================== RCS file: /cvs/linuxtv/dvb-kernel/linux/drivers/media/dvb/ttpci/av7110_hw.c,v retrieving revision 1.11 diff -u -r1.11 av7110_hw.c --- av7110_hw.c 3 May 2004 16:36:29 -0000 1.11 +++ av7110_hw.c 12 Jun 2004 09:30:49 -0000 @@ -952,17 +952,34 @@ return 0; case OSD_SetPalette: { + u8 *colors; + size_t len; + + len = dc->x0*4; + + if (len > DATA_BUFF3_SIZE) + return -EINVAL; + + colors = kmalloc(len,GFP_KERNEL); + if(!colors) + return -ENOMEM; + + if (copy_from_user(colors,dc->data,len)) { + kfree(colors); + return -EFAULT; + } if (FW_VERSION(av7110->arm_app) >= 0x2618) - OSDSetPalette(av7110, (u32 *)dc->data, dc->color, dc->x0); - else { - int i, len = dc->x0-dc->color+1; - u8 *colors = (u8 *)dc->data; + OSDSetPalette(av7110, (u32 *)colors, dc->color, dc->x0); + else { + int i; + len = dc->x0-dc->color+1; for (i = 0; i<len; i++) OSDSetColor(av7110, dc->color + i, colors[i * 4], colors[i * 4 + 1], colors[i * 4 + 2], colors[i * 4 + 3]); - } + } + kfree(colors); return 0; } case OSD_SetTrans:
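Review bot: The bounce buffer is sized from `dc->x0*4`, but the else branch then reads `dc->x0-dc->color+1` four-byte entries from it, so with `dc->color` at 0 the loop already reads one entry past the allocation, and a negative `dc->color` from the caller reads further into kernel heap. The multiplication also happens before the `DATA_BUFF3_SIZE` check, so a large `dc->x0` could wrap to a small `len` if the field is a signed int (its type is not visible in this hunk). Deriving one validated entry count from the inclusive `color..x0` range and using it for the allocation, the copy and the loop closes both gaps; the fence shows only the changed lines. What `OSDSetPalette` reads from the buffer is defined outside this hunk and should be checked against the same count, and the enclosing function starts and ends outside the hunk.

```c
	u8 *colors;
	size_t count, len;

	/* color..x0 is an inclusive index range supplied by the caller */
	if (dc->color < 0 || dc->x0 < dc->color)
		return -EINVAL;
	count = (size_t)(dc->x0 - dc->color) + 1;
	if (count > DATA_BUFF3_SIZE / 4)
		return -EINVAL;
	len = count * 4;

	/* … unchanged: kmalloc, copy_from_user, FW_VERSION test and OSDSetPalette call … */
	else {
		int i;

		/* count was bounded above, so the cast cannot truncate */
		for (i = 0; i < (int)count; i++)
			/* … unchanged: OSDSetColor call … */
	}
```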