From: Julia Lawall Date: Thu, 17 Dec 2009 23:27:09 +0000 (-0800) Subject: drivers/video/via/viafbdev.c: correct code taking the size of a pointer X-Git-Tag: 2.1b_release~9894 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=0f05058531330854ff383237e1547044c67e5740;p=platform%2Fkernel%2Fkernel-mfld-blackbay.git drivers/video/via/viafbdev.c: correct code taking the size of a pointer sizeof(viafb_gamma_table) is just the size of the pointer. This is changed to the size used when calling kmalloc to initialize the pointer. A simplified version of the semantic patch that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @@ expression *x; expression f; type T; @@ *f(...,(T)x,...) // Signed-off-by: Julia Lawall Acked-by: Florian Tobias Schandinat Cc: Joseph Chan Cc: Scott Fang Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/drivers/video/via/viafbdev.c b/drivers/video/via/viafbdev.c index 10d8c4b..d8df17a 100644 --- a/drivers/video/via/viafbdev.c +++ b/drivers/video/via/viafbdev.c @@ -680,7 +680,7 @@ static int viafb_ioctl(struct fb_info *info, u_int cmd, u_long arg) if (!viafb_gamma_table) return -ENOMEM; if (copy_from_user(viafb_gamma_table, argp, - sizeof(viafb_gamma_table))) { + 256 * sizeof(u32))) { kfree(viafb_gamma_table); return -EFAULT; } @@ -694,7 +694,7 @@ static int viafb_ioctl(struct fb_info *info, u_int cmd, u_long arg) return -ENOMEM; viafb_get_gamma_table(viafb_gamma_table); if (copy_to_user(argp, viafb_gamma_table, - sizeof(viafb_gamma_table))) { + 256 * sizeof(u32))) { kfree(viafb_gamma_table); return -EFAULT; }