From 17066d3b7412c122b1d2c04462d5ba960b018cb8 Mon Sep 17 00:00:00 2001 From: Hans Verkuil Date: Thu, 20 Jun 2024 09:52:26 +0200 Subject: [PATCH] media: b2c2: flexcop-usb: fix flexcop_usb_memory_req BugLink: https://bugs.launchpad.net/bugs/2085849 [ Upstream commit b178aa6f333b07bda0548d7e45085660a112414d ] smatch generated this warning: drivers/media/usb/b2c2/flexcop-usb.c:199 flexcop_usb_memory_req() warn: iterator 'i' not incremented and indeed the function is not using i or updating buf. The reason this always worked is that this function is called to write just 6 bytes (a MAC address) to the USB device, and so in practice there is only a single chunk written. If we ever would need to write more than one chunk, this function would fail since each chunk would read from or write to the same buf address. Rewrite the function to properly handle this. Signed-off-by: Hans Verkuil Signed-off-by: Sasha Levin Signed-off-by: Manuel Diewald Signed-off-by: Roxana Nicolescu --- drivers/media/usb/b2c2/flexcop-usb.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/media/usb/b2c2/flexcop-usb.c b/drivers/media/usb/b2c2/flexcop-usb.c index bcb24d896498..a060b9691b80 100644 --- a/drivers/media/usb/b2c2/flexcop-usb.c +++ b/drivers/media/usb/b2c2/flexcop-usb.c @@ -179,7 +179,7 @@ static int flexcop_usb_memory_req(struct flexcop_usb *fc_usb, flexcop_usb_request_t req, flexcop_usb_mem_page_t page_start, u32 addr, int extended, u8 *buf, u32 len) { - int i, ret = 0; + int ret = 0; u16 wMax; u32 pagechunk = 0; @@ -196,7 +196,7 @@ static int flexcop_usb_memory_req(struct flexcop_usb *fc_usb, default: return -EINVAL; } - for (i = 0; i < len;) { + while (len) { pagechunk = wMax < bytes_left_to_read_on_page(addr, len) ? wMax : @@ -209,11 +209,12 @@ static int flexcop_usb_memory_req(struct flexcop_usb *fc_usb, page_start + (addr / V8_MEMORY_PAGE_SIZE), (addr & V8_MEMORY_PAGE_MASK) | (V8_MEMORY_EXTENDED*extended), - &buf[i], pagechunk); + buf, pagechunk); if (ret < 0) return ret; addr += pagechunk; + buf += pagechunk; len -= pagechunk; } return 0;