From f6e623a65cb301088bd04794043e82bfc996c512 Mon Sep 17 00:00:00 2001 From: Johann Felix Soden Date: Mon, 15 Feb 2010 22:23:48 +0100 Subject: [PATCH] Bluetooth: Fix out of scope variable access in hci_sock_cmsg() The pointer data can point to the variable ctv. Access to data happens when ctv is already out of scope. Signed-off-by: Johann Felix Soden Signed-off-by: Marcel Holtmann --- net/bluetooth/hci_sock.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c index 688cfebfbee0..38f08f6b86f6 100644 --- a/net/bluetooth/hci_sock.c +++ b/net/bluetooth/hci_sock.c @@ -329,6 +329,9 @@ static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_ } if (mask & HCI_CMSG_TSTAMP) { +#ifdef CONFIG_COMPAT + struct compat_timeval ctv; +#endif struct timeval tv; void *data; int len; @@ -339,7 +342,6 @@ static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_ len = sizeof(tv); #ifdef CONFIG_COMPAT if (msg->msg_flags & MSG_CMSG_COMPAT) { - struct compat_timeval ctv; ctv.tv_sec = tv.tv_sec; ctv.tv_usec = tv.tv_usec; data = &ctv;