drivers/video/via/viafbdev.c: correct code taking the size of a pointer
Julia Lawall [Thu, 17 Dec 2009 23:27:09 +0000 (15:27 -0800)]
sizeof(viafb_gamma_table) is just the size of the pointer.  This is changed
to the size used when calling kmalloc to initialize the pointer.

A simplified version of the semantic patch that finds this problem is as
follows: (http://coccinelle.lip6.fr/)

// <smpl>
@@
expression *x;
expression f;
type T;
@@

*f(...,(T)x,...)
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Acked-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
Cc: Joseph Chan <JosephChan@via.com.tw>
Cc: Scott Fang <ScottFang@viatech.com.cn>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

drivers/video/via/viafbdev.c

index 10d8c4b..d8df17a 100644 (file)
@@ -680,7 +680,7 @@ static int viafb_ioctl(struct fb_info *info, u_int cmd, u_long arg)
                if (!viafb_gamma_table)
                        return -ENOMEM;
                if (copy_from_user(viafb_gamma_table, argp,
-                               sizeof(viafb_gamma_table))) {
+                               256 * sizeof(u32))) {
                        kfree(viafb_gamma_table);
                        return -EFAULT;
                }
@@ -694,7 +694,7 @@ static int viafb_ioctl(struct fb_info *info, u_int cmd, u_long arg)
                        return -ENOMEM;
                viafb_get_gamma_table(viafb_gamma_table);
                if (copy_to_user(argp, viafb_gamma_table,
-                       sizeof(viafb_gamma_table))) {
+                       256 * sizeof(u32))) {
                        kfree(viafb_gamma_table);
                        return -EFAULT;
                }