[PATCH] udl: zero out struct fb_deferred_io on allocation

Ensure all fields of the struct fb_deferred_io are zeroed out on init, otherwise the fbdefio->first_io function pointer can contain garbage, and fb_deferred_io_mkwrite() will end up jumping to this garbage address. Signed-off-by: Nickolai Zeldovich --- drivers/gpu/drm/udl/udl_fb.c |2 +-

[PATCH] net/xfrm/xfrm_replay: avoid division by zero

er a divide-by-zero exception. Some compilers will also assume that the earlier division means the value cannot be zero later, and thus will eliminate the subsequent zero check as dead code. This patch moves the division to after the check. Signed-off-by: Nickolai Zeldovich --- net/xfrm/xfrm_replay.c

[PATCH] 3c574_cs: fix operator precedence between <<

The code to print the FIFO size in tc574_config computes it as: 8 << config & Ram_size which evaluates the '<<' first, but the actual intent is to evaluate the '&' first. Add parentheses to enforce desired evaluation order. Signed-off-by: Nickolai Z

Re: [PATCH] cifs: fix srcip_matches() for ipv6

On Wed, Jan 16, 2013 at 10:51 PM, Steve French wrote: > How did you discover this - did you have an ipv6 test case or by > inspection or ...? By mostly-automated inspection (i.e., with the help of a static program analysis tool). Nickolai. -- To unsubscribe from this list: send the line "unsubsc

[PATCH] cifs: fix srcip_matches() for ipv6

;rhs' pointer as an ipv6 address. The correct thing to do is to use 'rhs', not '&rhs'. Signed-off-by: Nickolai Zeldovich --- fs/cifs/connect.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 17c3643.

[PATCH] ntfs: do not dereference a null ctx on error

In ntfs_mft_data_extend_allocation_nolock(), if an error condition occurs prior to 'ctx' being set to a non-NULL value, avoid dereferencing the NULL 'ctx' pointer by jumping to later cleanup code. Signed-off-by: Nickolai Zeldovich --- fs/ntfs/mft.c |8 1 file c

[PATCH] drivers: xhci: fix incorrect bit test

Fix incorrect bit test that originally showed up in 4ee823b83bc9851743fab756c76b27d6a1e2472b: use '&' instead of '&&'. Signed-off-by: Nickolai Zeldovich --- drivers/usb/host/xhci-ring.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/driver

[PATCH] sisusbvga: use proper device for dev_err() during probe

If kzalloc returns NULL, do not dereference the said NULL pointer as the first argument to dev_err(); use &dev->dev instead. Similarly, before sisusb->sisusb_dev has been initialized to dev, use dev_err(&dev->dev) instead. Signed-off-by: Nickolai Zeldovich --- drivers/u

[PATCH] drivers/media/pci: use memmove for overlapping regions

Change several memcpy() to memmove() in cases when the regions are definitely overlapping; memcpy() of overlapping regions is undefined behavior in C and can produce different results depending on the compiler, the memcpy implementation, etc. Signed-off-by: Nickolai Zeldovich --- drivers/media

Re: [PATCH] drivers/net/wireless/mwl8k.c: avoid use-after-free

On Sun, Jan 6, 2013 at 9:48 PM, Lennert Buytenhek wrote: > Good catch, but the patch would be better titled "mwl8k.c: avoid > having a working driver", as the station_id return code _is_ needed > by the caller in case of success. I'm not quite sure what you mean -- is there something subtle going

[PATCH v2] media: cx18, ivtv: eliminate unnecessary array index checks

the index before the check. Signed-off-by: Nickolai Zeldovich --- Thanks to Andy Walls for suggesting that instead of moving the checks before array dereference, a better fix is to remove the checks altogether, since they are superfluous. drivers/media/pci/cx18/cx18-i2c.c |3 --- drivers

[PATCH] drivers/net/wireless/mwl8k.c: avoid use-after-free

Do not dereference p->station_id after kfree(cmd) because p points into the cmd data structure. Signed-off-by: Nickolai Zeldovich --- drivers/net/wireless/mwl8k.c |4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/mwl8k.c b/drivers/net/wirel