USB: isight: fix kernel bug when loading firmware

We were sending data on the stack when uploading firmware, which causes
some machines fits, and is not allowed.  Fix this by using the buffer we
already had around for this very purpose.

Reported-by: Wouter M. Koolen <wmkoolen@cwi.nl>
Tested-by: Wouter M. Koolen <wmkoolen@cwi.nl>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/drivers/usb/misc/isight_firmware.c b/drivers/usb/misc/isight_firmware.c
index fe1d443..8f725f6 100644 (file)
--- a/drivers/usb/misc/isight_firmware.c
+++ b/drivers/usb/misc/isight_firmware.c
@@ -55,8 +55,9 @@ static int isight_firmware_load(struct usb_interface *intf,
 
        ptr = firmware->data;
 
+       buf[0] = 0x01;
        if (usb_control_msg
-           (dev, usb_sndctrlpipe(dev, 0), 0xa0, 0x40, 0xe600, 0, "\1", 1,
+           (dev, usb_sndctrlpipe(dev, 0), 0xa0, 0x40, 0xe600, 0, buf, 1,
             300) != 1) {
                printk(KERN_ERR
                       "Failed to initialise isight firmware loader\n");
@@ -100,8 +101,9 @@ static int isight_firmware_load(struct usb_interface *intf,
                }
        }
 
+       buf[0] = 0x00;
        if (usb_control_msg
-           (dev, usb_sndctrlpipe(dev, 0), 0xa0, 0x40, 0xe600, 0, "\0", 1,
+           (dev, usb_sndctrlpipe(dev, 0), 0xa0, 0x40, 0xe600, 0, buf, 1,
             300) != 1) {
                printk(KERN_ERR "isight firmware loading completion failed\n");
                ret = -ENODEV;