staging: comedi: don't dereference user memory for INSN_INTTRIG

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

`parse_insn()` is dereferencing the user-space pointer `insn->data`
directly when handling the `INSN_INTTRIG` comedi instruction. It
shouldn't be using `insn->data` at all; it should be using the separate
`data` pointer passed to the function. Fix it.

Cc: stable <stable@vger.kernel.org>
Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by

Ian Abbott and committed by

Greg Kroah-Hartman 13 years ago 5d06e3df 9f82e957

+1 -1

1 changed file

expand all

drivers

staging

comedi

comedi_fops.c

+1 -1

drivers/staging/comedi/comedi_fops.c

··· 950 950 ret = -EAGAIN; 951 951 break; 952 952 } 953 - ret = s->async->inttrig(dev, s, insn->data[0]); 953 + ret = s->async->inttrig(dev, s, data[0]); 954 954 if (ret >= 0) 955 955 ret = 1; 956 956 break;