s626: don't dereference insn->data

`s626_enc_insn_config()` is incorrectly dereferencing `insn->data` which
is a pointer to user memory.  It should be using the separate `data`
parameter that points to a copy of the data in kernel memory.

Note that this insn_config handler is being used incorrectly by this
driver anyway.  `data[0]` should be used to select the type of
configuration being performed, but this driver is treating it as a
counter preload value.

Signed-off-by: Ian Abbott <abbotti@mev.co.uk>

diff --git a/comedi/drivers/s626.c b/comedi/drivers/s626.c
index 14057ba18da6aa4e1b6210a1e32c96dbdfd8d0fa..059817c498c19fd1552ac119098c82e1bdd1a8b7 100644 (file)
--- a/comedi/drivers/s626.c
+++ b/comedi/drivers/s626.c
@@ -2263,7 +2263,7 @@ static int s626_enc_insn_config(comedi_device * dev, comedi_subdevice * s,
        //  (data==NULL) ? (Preloadvalue=0) : (Preloadvalue=data[0]);
 
        k->SetMode(dev, k, Setup, TRUE);
-       Preload(dev, k, *(insn->data));
+       Preload(dev, k, data[0]);
        k->PulseIndex(dev, k);
        SetLatchSource(dev, k, valueSrclatch);
        k->SetEnable(dev, k, (uint16_t) (enab != 0));