istl_flip is a signed bitfield of one bit so it can be -1 or 0.
However in drivers/usb/host/isp1362-hcd.c:1103:
finish_iso_transfers(isp1362_hcd,
&isp1362_hcd->istl_queue[isp1362_hcd->istl_flip]);
So if isp1362_hcd->istl_flip is set, the 2nd argument becomes
&isp1362_hcd->istl_queue[-1], which is invalid.
Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Acked-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
/* periodic schedule: isochronous */
struct list_head isoc;
- int istl_flip:1;
- int irq_active:1;
+ unsigned int istl_flip:1;
+ unsigned int irq_active:1;
/* Schedules for the current frame */
struct isp1362_ep_queue atl_queue;