pvr2fb: Fix oops when pseudo_palette is written (9cd1c674) · Commits · e / devices / android_kernel_teracube_2e

drivers/video/pvr2fb.c

+7 −5

Original line number	Original line	Diff line number	Diff line
	@@ -143,6 +143,7 @@ static struct pvr2fb_par {
	unsigned char is_lowres; /* Is horizontal pixel-doubling enabled? */		unsigned char is_lowres; /* Is horizontal pixel-doubling enabled? */

	unsigned long mmio_base; /* MMIO base */		unsigned long mmio_base; /* MMIO base */
			u32 palette[16];
	} *currentpar;		} *currentpar;

	static struct fb_info *fb_info;		static struct fb_info *fb_info;
	@@ -790,7 +791,7 @@ static int __devinit pvr2fb_common_init(void)
	fb_info->fbops = &pvr2fb_ops;		fb_info->fbops = &pvr2fb_ops;
	fb_info->fix = pvr2_fix;		fb_info->fix = pvr2_fix;
	fb_info->par = currentpar;		fb_info->par = currentpar;
	fb_info->pseudo_palette = (void *)(fb_info->par + 1);		fb_info->pseudo_palette = currentpar->palette;
	fb_info->flags = FBINFO_DEFAULT \| FBINFO_HWACCEL_YPAN;		fb_info->flags = FBINFO_DEFAULT \| FBINFO_HWACCEL_YPAN;

	if (video_output == VO_VGA)		if (video_output == VO_VGA)
	@@ -1082,14 +1083,15 @@ static int __init pvr2fb_init(void)
	#endif		#endif
	size = sizeof(struct fb_info) + sizeof(struct pvr2fb_par) + 16 * sizeof(u32);		size = sizeof(struct fb_info) + sizeof(struct pvr2fb_par) + 16 * sizeof(u32);

	fb_info = kzalloc(size, GFP_KERNEL);		fb_info = framebuffer_alloc(sizeof(struct pvr2fb_par), NULL);

	if (!fb_info) {		if (!fb_info) {
	printk(KERN_ERR "Failed to allocate memory for fb_info\n");		printk(KERN_ERR "Failed to allocate memory for fb_info\n");
	return -ENOMEM;		return -ENOMEM;
	}		}


	currentpar = (struct pvr2fb_par *)(fb_info + 1);		currentpar = fb_info->par;

	for (i = 0; i < ARRAY_SIZE(board_driver); i++) {		for (i = 0; i < ARRAY_SIZE(board_driver); i++) {
	struct pvr2_board *pvr_board = board_driver + i;		struct pvr2_board *pvr_board = board_driver + i;
	@@ -1102,7 +1104,7 @@ static int __init pvr2fb_init(void)
	if (ret != 0) {		if (ret != 0) {
	printk(KERN_ERR "pvr2fb: Failed init of %s device\n",		printk(KERN_ERR "pvr2fb: Failed init of %s device\n",
	pvr_board->name);		pvr_board->name);
	kfree(fb_info);		framebuffer_release(fb_info);
	break;		break;
	}		}
	}		}
	@@ -1126,7 +1128,7 @@ static void __exit pvr2fb_exit(void)
	#endif		#endif

	unregister_framebuffer(fb_info);		unregister_framebuffer(fb_info);
	kfree(fb_info);		framebuffer_release(fb_info);
	}		}

	module_init(pvr2fb_init);		module_init(pvr2fb_init);