summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHans Verkuil <hverkuil@xs4all.nl>2008-07-27 14:08:54 -0300
committerMauro Carvalho Chehab <mchehab@infradead.org>2008-07-27 18:07:58 -0300
commit429e90893c9ad2c266d541c94d6ca69a34a7701d (patch)
tree2e71b21410b5c0b6970eab25cb5098687a83dd0d
parentee56a4d3e39c2baafd06aaf26d975a7c9b05e3a2 (diff)
downloadkernel-crypto-429e90893c9ad2c266d541c94d6ca69a34a7701d.tar.gz
kernel-crypto-429e90893c9ad2c266d541c94d6ca69a34a7701d.tar.xz
kernel-crypto-429e90893c9ad2c266d541c94d6ca69a34a7701d.zip
V4L/DVB (8546): saa7146: fix read from uninitialized memory
The offset field of the scatterlist entry *after* the last valid scatterlist entry was used instead of the first scatterlist entry (as was the intention of this code). This worked fine until the kzalloc of the sglist was replaced with kmalloc and sg_init_table only zeroed the exact needed length. Apparently kzalloc zeroes a bit more than is strictly necessary so the offset field was always 0 in the past. But now the offset field was suddenly random and this led to broken captures. Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
-rw-r--r--drivers/media/common/saa7146_video.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/media/common/saa7146_video.c b/drivers/media/common/saa7146_video.c
index acaddc15dad..e8bc7abf240 100644
--- a/drivers/media/common/saa7146_video.c
+++ b/drivers/media/common/saa7146_video.c
@@ -656,7 +656,7 @@ static int saa7146_pgtable_build(struct saa7146_dev *dev, struct saa7146_buf *bu
/* if we have a user buffer, the first page may not be
aligned to a page boundary. */
- pt1->offset = list->offset;
+ pt1->offset = dma->sglist->offset;
pt2->offset = pt1->offset+o1;
pt3->offset = pt1->offset+o2;