Fix some problems which may lead to a panic:

- right order of src and dst in memcpy - NULL out the clips after freeing to prevent an accident Noticed by: hselasky
author: netchild <netchild@FreeBSD.org> 2010-03-26 08:42:11 +0000
committer: netchild <netchild@FreeBSD.org> 2010-03-26 08:42:11 +0000
commit: db8514f06a49f9330f64841541a48eb9ac769cf6 (patch)
tree: c91b04b903d13710e937bc183006bc66353b96ee /sys/compat
parent: 8457716f882f5feb02c818b7480432bdc5e46216 (diff)
download: FreeBSD-src-db8514f06a49f9330f64841541a48eb9ac769cf6.zip
FreeBSD-src-db8514f06a49f9330f64841541a48eb9ac769cf6.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/compat/linux/linux_ioctl.c b/sys/compat/linux/linux_ioctl.c
index c457d12..6600976 100644
--- a/sys/compat/linux/linux_ioctl.c
+++ b/sys/compat/linux/linux_ioctl.c
@@ -2711,7 +2711,7 @@ linux_v4l_clip_copy(void *lvc, struct video_clip **ppvc)
 	/* XXX: If there can be no concurrency: s/M_NOWAIT/M_WAITOK/ */
 	if ((*ppvc = malloc(sizeof(**ppvc), M_LINUX, M_NOWAIT)) == NULL)
 		return (ENOMEM);    /* XXX: linux has no ENOMEM here */
-	memcpy(&vclip, *ppvc, sizeof(vclip));
+	memcpy(*ppvc, &vclip, sizeof(vclip));
 	(*ppvc)->next = NULL;
 	return (0);
 }
@@ -2726,6 +2726,8 @@ linux_v4l_cliplist_free(struct video_window *vw)
 		ppvc_next = &((*ppvc)->next);
 		free(*ppvc, M_LINUX);
 	}
+	vw->clips = NULL;
+
 	return (0);
 }
author	netchild <netchild@FreeBSD.org>	2010-03-26 08:42:11 +0000
committer	netchild <netchild@FreeBSD.org>	2010-03-26 08:42:11 +0000
commit	db8514f06a49f9330f64841541a48eb9ac769cf6 (patch)
tree	c91b04b903d13710e937bc183006bc66353b96ee /sys/compat
parent	8457716f882f5feb02c818b7480432bdc5e46216 (diff)
download	FreeBSD-src-db8514f06a49f9330f64841541a48eb9ac769cf6.zip FreeBSD-src-db8514f06a49f9330f64841541a48eb9ac769cf6.tar.gz