istl_flip is a signed bitfield of one bit so it can be -1 or 0.
However in drivers/usb/host/isp1362-hcd.c:1103:
finish_iso_transfers(isp1362_hcd,
&isp1362_hcd->istl_queue[isp1362_hcd->istl_flip]);
So if isp1362_hcd->istl_flip is set, the 2nd argument becomes
&isp1362_hcd->istl_queue[-1], which is invalid.
Signed-off-by: Roel Kluin <[email protected]>
---
FYI:
drivers/usb/host/isp1362.h:543:
struct isp1362_hcd {
...
struct isp1362_ep_queue istl_queue[2];
};
The change of the other bitfield may not be strictly necessary
but is preferred, I thought.
Roel
diff --git a/drivers/usb/host/isp1362.h b/drivers/usb/host/isp1362.h
index 1a253eb..5151516 100644
--- a/drivers/usb/host/isp1362.h
+++ b/drivers/usb/host/isp1362.h
@@ -534,8 +534,8 @@ struct isp1362_hcd {
/* periodic schedule: isochronous */
struct list_head isoc;
- int istl_flip:1;
- int irq_active:1;
+ unsigned int istl_flip:1;
+ unsigned int irq_active:1;
/* Schedules for the current frame */
struct isp1362_ep_queue atl_queue;
On Wed, Nov 18, 2009 at 08:12, Roel Kluin wrote:
> istl_flip is a signed bitfield of one bit so it can be -1 or 0.
> However in drivers/usb/host/isp1362-hcd.c:1103:
>
> finish_iso_transfers(isp1362_hcd,
> &isp1362_hcd->istl_queue[isp1362_hcd->istl_flip]);
>
> So if isp1362_hcd->istl_flip is set, the 2nd argument becomes
> &isp1362_hcd->istl_queue[-1], which is invalid.
makes sense to me (both changes).
Acked-by: Mike Frysinger <[email protected]>
-mike